*******Updated March 2017 *******
CLEF has announced they are stopping support from June 2017 for their products. I now recommend the Duo plugin for Two-factor Authentication. See the link for instructions on using it on your WordPress site.
I know the first question everyone will have is, why do I need to change the way I log into WordPress?
The simple answer is, to make it more secure, because more and more sites are getting hacked and a non secure login is the easiest way for someone to get in. And if you use a plugin like CLEF you will also make your login experience easier and faster.
For me when I had read about two factor authentication I thought woah, that sounds like a whole load of hassle. Especially when I spend all day logging into and out of WordPress sites for clients, I don’t want more passwords and boxes to tick thanks. But then I discovered CLEF, and it is fantastic.
I included it in the list of things to do if your WordPress site gets hacked I recommended. But it is something you should do even if your site hasn’t been hacked, as a preventative measure.
OK hands up whose WordPress login is the name of the dog /kids/first school/or any other word. As actually, what you need to remember is, those pesky hackers aren’t sitting in a chair thinking ‘oh her Mr Jones over there whose dog is called Dougal, and whose kid is called Janet, I think I can guess your password.” Nope they are running logs of possible matches. So what you need now is a passcode (no words, names, logical data that follows each other) and/or two factor authentication.
But both of those are hassle…yes?
Well actually no. The whole passcode thing of 19 different letters/numbers/blood of your first born, yeah they are hassle. But this plugin is not.
Install the plugin in the usual way and then you will go through a very short and quick set up (have your phone with you) (but who doesn’t have their phone with them 24/7 anyway?)
Once set up you can choose to disable passwords for login (do this) and then the only way to login to your sit is with the app (don;t panic you get a secret URL emailed to just you to get in with your user and password should you be stuck without a phone)
And then how do you login?
Like this… (sorry for not sharp image – trying to do the demo and take photo with other hand and before it logged in which is a split second was a tad tricky!)
You open the app on your phone & login (it is finger print login compatible) and then the login screen for WordPress is also the wavy blue lines, you hold one in front of the other and bang, it logs you in.
On the app on your phone you choose how long to be logged in for, then it will log you out automatically.
It can be used by all users on your site, all with different phones.
This is one tool in keeping the hackers out of your WordPress site, so remember to use the others too, as they will try and get in many different ways, but if you use this it is one less thing to worry about.