Website security is a huge issue these days, especially if you are processing financial transactions on your site. Somewhere around 1/4 of all websites are built using WordPress, which is way more than any other website building platform. This means hackers are going to target them more.
Some estimates say close to 75% of WordPress sites have almost zero security.
We (HYBRYD Studios) have been fortunate enough to have never had a successful hack on any sites we actively manage, although there have been lots of attempts. We are not claiming to be website security experts. We only share this because we want you to know that you don’t have to be internet security gurus to protect your site from the vast majority of threats out there.
However, we are not delusional… we know any site or computer connected to the internet can be hacked. The only thing we can do is our due diligence to try to make it as challenging (and thus unattractive) to hack as possible.
It is much like preventing a house from being broken into. If someone really wants to get in, there is always a way. Locks and security systems just make it unappealing by making it not worth the hassle.
We use a combination of tools and methods to protect our sites and our clients’ sites. One of those tools that we have been using for two-factor authentication (login security) for our WordPress websites is called Clef.
Unfortunately, it was recently announced that Clef will no longer be supported. With security technology needing to be constantly updated to stay current, we must now find an alternative.
What is Two-Factor Authentication?
Simply put, two-factor authentication means it requires more than just a username and password to login. This adds more security to your site (which is a big deal these days).
Different two-factor authentication plugins work in different ways. Some of the common methods are:
- Email Authentication: This just emails you a link when you try to login. You must then open that email and click the link to login to the site. This is probably the least secure way to do it, because email accounts are hacked at least as often as websites.
- SMS Authentication: This sends you a text message either with a link or a special code to enter before you can login to the site.
- Push Notification Authentication: This requires you to have a specific app on your phone or other mobile device. This method is considered one of the more secure.
Replacement for Clef (UNLOQ)
There are many options out there for two-factor authentication. We have spent almost 2 days reading articles of suggestions and looking into various options, and you can see some of the options at the bottom of this article.
We have chosen to go with UNLOQ. It is relatively new (which does make us a little nervous) but after installing it on a few of our sites it seems to be a great replacement for Clef.
Learn more about UNLOQ here (although, be warned, it is techy-speak).
Instructions to Remove Clef
Clef has provided instructions on removing Clef from your site as well as a few alternatives to consider.
Other Options to Consider
Two-Factor Authentication is just one part of your website security. Please don’t misunderstand this article by thinking that is all you need.
We highly recommend using iThemes Security, WordFence, or some other highly regarded security suite in conjunction with your login security. Some of those options also include two-factor authentication (usually with the paid version).
Also, as we said earlier, no site is 100% safe (even the CIA has been hacked). So, be sure you have backups and a plan for restoring your site should it ever get hacked or broken.