Last week CLEF announced that they are stopping supporting their product. I have used the CLEF WordPress plugin on many sites, and recommended it to clients for an extra layer of security. It also made logging into multiple sites so much easier.
I have been looking for an alternative since, I didn’t like any of their recommended plugins but have today found and installed Duo for WordPress on a few sites and it is working really well. The initial set up is longer than CLEF, but once that is done the ease of use to login with your phone (or apple watch) is really good. The app is available on the google and app store.
First of all deactivate your CLEF plugin and then delete it.
On your WordPress site go to Settings – Duo Two Factor and you will see where the setting are to go.
On the Duo site (one you have registered and confirmed the account and are logged in) go to Applications and Protect An application and find WordPress in the list and click it.
Here you will get the integration key, secret key, and API hostname to add to your WordPress site.
Add these to your WordPress site in the boxes and save and you will then be logged out.
And you will see this screen
Click start set up and follow the steps to put in your mobile number, you will get a text through with a code to confirm you have your phone. Add the code and verify.
You then get to choose when you log in each time do you want a code sent you have to put in, or a ‘Duo Push’ a notification on your phone (or apple watch) you can click a tick or a cross. Then click continue to log in.
You will then get three choices of how to authenticate yourself, choose one and you will get the message / text
OK the message or add the passcode and then you will be logged in.
For all future logins you will just get the last screen grab above come up after you have entered your username and password.
You can add more than one WordPress site to your Duo account. Just follow the steps as above.