How To Make Your WordPress Site Unhackable

At Spectruss website security isn’t just important, it’s paramount.


The problem with security on the internet is that it’s unlimited with how much money you can spend and of-course nothing is guaranteed to work.

However, we have found a very low-cost and reliable system (after a lot of work) and I want to share it.

The system is based on our favorite wordpress security plugin: CLEF

The Clef mobile app provides two-factor authentication without you having to keep track of a password.  You download the plugin-in from WordPress and you download the CLEF app onto your phone.  Sync your phone with the Clef Wave to log in.

Aside from not having to remember passwords and two-factor authentication, it’s also free!

Jessica Riley who is in-charge of CLEF’s marketing had this to say when I asked her about CLEF and website security:

Clef provides businesses with fraud protection right where they need it most but control the least; user accounts. As more of our lives move online, Clef has provided a solution that empowers regular folks to act in their own best interest regarding their online security, which in turn fills the security gap that user accounts, and bad passwords, have created for online businesses. Most hacks happen through access provided through user accounts, often due to poor passwords or duplicated passwords across the web. Clef’s mobile cryptography bypasses passwords, removes a frustration point for people, and seals a major vulnerability for online business.

This plugin and app combo allows you to replace usernames and passwords on your WordPress site with your smartphone.

This is how it works:

Download the app directly from the Apple iTunes or Google Play stores.

Then download, install and activate the CLEF plugin from the WordPress Plugin Repository.

When you set up the smartphone app for the first time you create a profile on your phone. Clef uses that profile to generate a new digital signature each time you want to login to your site. Rather than login with a password, your login screen will be replaced with the “Clef Wave,” which you will need to sync with another Clef Wave on your phone.

The smartphone app will then grant you an hour-long session to use your site unless you increase the session time on your phone.  You can increase the time to “infinite” which obviously makes it a little less secure.


After you download the plugin in the WordPress directory you will see this:


Once you set-up CLEF you will see this:

Once you download onto your smartphone you create a PIN:


Now that you have CLEF downloaded to your wordpress dashboard and your phone you hold your phone over your wordpress site:


After you log-in and are set-up your phone will display the time you have remaining.  A benefit I have found is that it forces you to stay focused on writing.  This is why I don’t have the infinite time marked on my CLEF app.

Here is a great CLEF Explainer Video:


Clef from Clef on Vimeo.



We highly recommend you use both WordPress and CLEF for extra security for your website.  If you have any security questions about your website or just want to talk about your website – call or email us at Spectruss.

Back To Stories

Next Story