Easy two-factor authentication for WordPress with Clef
Enabling a two-factor authentication for your WordPress website greatly improves the security of your website. In this tutorial we will show you how to install and use Clef - probably the easiest way to implement two-factor authentication in WordPress.
Get ad-free Clef with your SiteGround account!
Thanks to our partnership with Clef our users receive an ad-free version of the plugin. You can get it together with your next new WordPress install through our 1-click installer Softaculous or you can download it from our user area and add it to any existing WordPress.
How to Install Clef
If you install a new WordPress application using our 1-click installer Softaculous, you can simply place a check on the Clef Secure Passwordless login option on your installation screen.
If you place a mark on this checkbox, Clef will be automatically installed. Read on, to see how to enable it for your WordPress site.
If you have a WordPress application installed, or you prefer to make a manual WordPress installation, Clef can be installed as every other plugin. For detailed information on how to do that, check our tutorial on How to Install WordPress Plugins. You can download the Ad-free version of the plugin from the Resources page in your User Area.
How to Enable Clef
To enable Clef and start using it, first you need to login to your WordPress backend and click on the Clef link from the left menu.
This will take you to the initial Clef configuration screen. Press the big Get Started button to proceed.
Clef will provide you with links to install the required application on your mobile phone. To do this, press the get the clef app button. If you already have the application installed on your smartphone, click on the I already have the app link on the top of the page.
In order to use the Clef application for login, you need to provide your email and a choose your 4 digit pin code. This way, you make sure that no one except you can use your phone to access your sites.
Once you have the app installed on your phone, you will be asked to synchronize your app with your WordPress site. To do this, start the Clef app and hold your mobile phone so it can record the moving "waves" on the screen. In few seconds (while the camera focuses), your app will be synchronized with this website.
That's it, all you need to do now is press the complete setup button.
How to Login and Logout with Clef
When Clef is installed and synchronised with your mobile app, your WordPress login screen should look like this:
Simply start the Clef mobile app and hold your phone in front of the moving lines. Once the camera focuses, you will be logged into your WordPress site. It's that simple!
To logout from WordPress you need to click the big logout now button of the Clef application on your mobile phone. Unless you do that, you will remain logged in the browser until the Clef app timer runs out.
How to Disable Regular Passwords
By default, after activation, Clef doesn't disable the standard WordPress authentication method. This means that if someone knows your password, they will still be able to access your account. If you want to be sure that this won't happen, you need to force the usage of Clef for the site users. There are few options to do that, all listed below.
The first option on your Clef settings page allows you to force Clef login for all users that have installed and synchronised their Clef mobile apps with your site. To do this, simply place a check on the Disable passwords for Clef users checkbox.
Clef provides you with another option to force Clef logins. Using the Disable passwords for all users with privileges greater than or equal to option, you can leave regular subscribers with the ability to login with normal username and password but force editors and users with more privileges for example to use Clef for extra security.
If you want to completely disable the regular login for your WordPress website and hide that option from the login screen, you can do this by placing a check on the Disable passwords for all users and hide the password login form option.
How to Disable Clef
If you want, you can always disable Clef and go back to the standard logging mechanism provided by WordPress. To do this, click on the Disconnect Clef account link in the left menu of your WordPress admin area. Next, press the Disconnect your Clef account button.
That's it, you can now login to WordPress the standard way.
Lost your Phone?
If you lose your phone, or it gets stolen, Clef provides you with an easy way to get back the access to your site and disable it for your missing phone. To do this, simply follow the instructions in the official Lost your Phone? page on the Clef website.