Two steps forward

Clef+SoftaculousThe Threat

We will all remember 2014 as the Year of Security for WordPress. Powering more than 20% of sites on the Internet, WordPress has become a prime target for hackers. This year we’ve felt the impact with the Heartbleed, Jetpack, and HTTP cookie vulnerabilities, but it’s the threat on the horizon we need to pay attention to.

The zombie army, also known as “botnets”, is a massive collection of infected computers and compromised sites that attack WordPress sites at random.

Each computer in the zombie army guesses a few different passwords on your site and, with millions of computers in the army, most sites fall in seconds.

The zombie army feeds on the weakest and worst-maintained sites in our community to grow and become more powerful. As more sites fall, we all become more vulnerable.

The Answer

Today we’re only protecting the people who seek out and research security on their own. Instead, we must decide as a community that good security should be on by default.

Specifically, two-step logins are a tool that everyone in our community should have access too.

Automattic offers two-step logins on because “The weakest link in the security of anything you do online is your password.” Automattic has led the way, but we need other hosts to follow them.


The next big challenge with WordPress is raising the baseline security of new sites coming online. With Clef, we found a way to make huge gains in security while also improving user experience. Working together is a no brainer.

– Brijesh Kothari, Head of Sales @ Softaculous

Today, we’re announcing a partnership with Softaculous to make two-factor easy for any host to enable. With this new integration, any host using Softaculous can include Clef in WordPress installations to give users access to secure two-factor logins out of the box.

Softaculous has become a dominant installer of WordPress and is used by hosts all over the world because their user interface is simple and their scripts are secure. Most new sites in our ecosystem come through Softaculous or another installer, making them a fantastic place for us to improve the baseline security of our community.

It’s one step for any host that uses Softaculous to enable this by going to the Softaculous Admin panel -> Software -> Advanced Settings and checking the box to enable Clef. The admin setup instructions are here and you can see a demo settings page here.

Clef Host Incentive

To help encourage hosts to enable two-step logins for their customers, we’ve created the Safer Host Incentive Program (SHIP).

Any host that offers two-step logins for newly created sites is eligible for (SHIP) and will be able to use Clef on their own domain for free. Clef will still always be free for sites with less than 100 users.

We’re also going to be featuring and promoting SHIP hosts on the Clef blog and hosts page to make sure they get the love they deserve!

You can read more about the hosts program here.

Call to Action

The zombie army gets stronger every day. We’re all responsible for helping to protect this community and your voice can help make sure that our most vulnerable users get access to the tools they need.

Ask your host to offer two-step logins on Twitter by clicking an icon below, or craft your own with the hashtag #twostepsforward.

Clef Icon

Get to know Clef

Clef allows you to securely log in to your favorite websites and services without needing a password. It’s two-factor authentication from the future. Learn more at

The Clef team's perspective on community, design, business, and engineering delivered straight to your inbox.