The Clef plugin was one of the best two-factor authentication. Which made logging into WordPress easy and more secure for years.
Founder and CEO of Clef announced. That Clef will no longer be supported and now users need to find an alternative before June 6, 2017.
So what the hell are we supposed to do now?
Two-factor authentication for logging into WordPress protect you against phishing and brute force attacks. Since a hacker couldn’t just guess or enter your password to gain access to your site. They would also need access to your smartphone.
So here are four excellent and free alternatives to Clef that are updated regularly that you can install on your WordPress site and start using today.
Best alternatives to Clef
Unloq is a great alternative to Clef since you also don’t need to enter a password once the plugin is installed on your WordPress site.
When you click it, you get a notification on your phone through the Unloq app with the IP address and location of the attempted login, the account username, as well as a button to either approve or deny the login.
If you don’t have a smartphone or you don’t have it nearby, you can still get two-factor authentication through time-based one-time passwords (TOTP) and email login.
If you require assistance migrating from Clef, the Unloq team is also willing to help you out.
Unloq is free for up to 100 users. There are also a lot of useful features for WordPress developers who manage client sites, such as the ability to white label the Unloq app so you can offer two-factor authentication as an added service.
Interested in Unloq?
2. Google Two-Factor Authentication by Mini Orange
Google Two-Factor Authenticatior plugin also doesn’t require the use of a password and works with the MiniOrange app so it’s a suitable alternative to Clef, though, it’s free for only one user. When you log in, you have the option to do so by using your username, password and Google two-factor authentication or your username and Google two-factor authentication.
If you’re migrating from Clef, there are six quick setup steps to get a comparable two-factor authentication service to Clef:
- Install the plugin like you would most others in the WordPress repository
- Verify your email
- Select the QR Code Authentication method
- Install the MiniOrange Authenticator app on your smartphone
- Scan the QR Code from the plugin page to the miniOrange app
- Configure the plugin to your specific needs
If you decide you want to upgrade to premium, there are many other types of two-factor authentication you can choose from including SMS, phone, email and push notifications.
3. Google Authenticator
This plugin is by far the most popular for Google Authentication. Like Clef, it offers two-factor authentication, but it’s different because it utilizes the Google Authenticator app. If you have two-factor authentication enabled for your Google, Amazon and Dropbox accounts, for example, you already have this app installed so it’s a convenient option in this case.
1.6 million WordPress Superheroes read and trust our blog. Join them and get daily posts delivered to your inbox – free!
Once the plugin is installed and set up, you can scan the given QR code with your smartphone and follow the instructions for creating a profile in the Google Authenticator app. When you need to log in, you can go to the Google Authenticator app and copy the code into the extra field on the login form to sign in.
If you don’t have a smartphone or you don’t have access to WiFi or data on it, you can log in with the web-based version of the app.
It’s a solid plugin that’s updated consistently. When you’re setting it up, be sure to check that your web host can provide accurate time information. Otherwise, you would get locked out of your site. However, you can remove the plugin by deleting its folder in the /wp-content/ directory via FTP or SSH to regain access to your admin dashboard.
4. Duo Two-Factor Authentication
Duo Two-Factor Authentication plugin
The Duo Two-Factor Authentication plugin has many options for logging in. There are passwordless options as well as one-time password options and you can also decide which one you want to use on the fly for your convenience.
Once the plugin is set up and you have signed up for their service for free, there are several different ways you can log into your WordPress site:
With one-tap using Duo’s mobile app, which you can also install on your smartphone
Via a one-time passcode generated by Duo’s mobile app (works even if you don’t have cell phone coverage)
A one-time passcode delivered as an SMS message (also works with no cell phone coverage)
With a phone call to any phone including mobile or a landline
Via a one-time passcode generated by an OATH-compliant hardware token
It’s free for up to 10 users and you can also choose who is required to use two-factor authentication to log in based on WordPress user roles.
There’s no need to worry about what you’re going to do now that Clef is no longer an option. In fact, you have four suitable and solid alternatives to Clef for two-factor authentication on your WordPress login forms.
No matter which one you use, you can rest easy knowing your sites and your clients’ sites are that much safer from phishing and brute force attacks.
For more details on beefing up WordPress security, check out some of our favourite security posts: