The shutting down was a disappointment for all users and means big troubles for more that one million WordPress site’s administrators.
First things first. What is Clef (in case you’re wondering)? It´s a two-factor authentication, also known as two-step authentication, app with a widely popular plugin for WordPress.
If you use Clef or know what this is, jump to the next chapter. If you need some enlightenment, stick with me.
Everything that provides more security to your site is a must have. I’m sure you know that the Internet is a dangerous place.
Two-factor authentication is a strategy to enhance security, requiring users two things:
Someone with your login data – username and password -, can’t access the website console without the code, refreshed in some seconds within the app ou that will arrive shortly inside a message.
In the WordPress ecosystem, brute-force attacks are one of the most popular known methods of hacking. The bad guys try to find out your username and password. Bots usually do the dirty job, trying to guess the access credentials. If they are successful, you’re in serious trouble.
Two-factor authentication works as another way to improve security by applying an extra layer.
It’s not the end of your worries. The site can be hacked by another sort of attack vector but, at least, you reduced the chances of intrusion.
There are many ways to receive the code, depending on the app or system you use:
There are systems more beautiful than others but, in this case, it is not the beauty that counts but rather the ease of use and the user experience.
Welcome back Clef user. It’s time for alternatives.
If you haven´t already removed the plugin, get it done after finishing read this. The team made a useful little guide in four steps. It’s time to say goodbye. And a warm welcome to your new safety companion.
Let’s look at some of the top authentication plugins available for WordPress.
The Google Authenticator plugin is one of the most popular. Gives you two-factor authentication using the Google Authenticator. The app is available for iPhone (and iPad), Android, and Blackberry.
Install and activate the plugin. Set a secret key or use a QR code. Download the free Google Authenticator app and enter the secret key or QR code. From now on, any time you try to login to your site, you’ll need to open the app and enter the authenticator code.
It’s a dull app but does the job. It’s free.
Download, install and activate the plugin. Sign up for an Authy account and enter your Authy API key.
You’ll have to update your WordPress profile in WordPress backend.
The plugin works with:
Authy is free until 100 months authentications. For more, you have paid plans.
Like Google Authenticator, you must download and install the plugin and app. But you’ll also need an account on the Duo Security website to get security keys. Just like Authy.
When you try to login to your site, you’ll be redirected to another login page to choose your preferred authentication method:
Duo is free up to 10 users. If you need more, you’ll have three scales of prices, for 3, 6 or 9 dollars per user and month.
The easiest of them all to start and the most attractive for the password haters.
The same procedure: download, install and activate the plugin.
Go to your login page, insert username and password and wait for the email Rublon sends you. Click on the link, and you are ready to go. Your next login from the same device will need only your password.
From this point, you’ll want to use the mobile app (available for Android, iOS and Windows Phone). You’ll have to scan a QR code.
Rublon is free for personal use on one website. To add more accounts, you will have to opt for paid plans. There are no prices on the website but we learned that is 2 dollars per user and month. They prefer to get contacted because then they know who is interested in the service.
Now it’s on you. Choose your solution and get your hands dirty. In the end you’ll have a more secure website.