Using the Clef 2FA WordPress plugin on Pantheon's platform

Pantheon Website Management Platform

Is the Clef 2FA WP plugin compatible with Pantheon's WordPress platform?

Yes! Plugin version 2.5.1 or higher required. 

Are any extra steps necessary during installation and activation of the plugin?

No. Simply install the Clef 2FA plugin via the Plugins menu in the WP dashboard.

Given Pantheon's three-tier staging setup (i.e., dev, test, and live environments), how do I configure the Clef 2FA plugin's Oauth settings with the corresponding dev, test, and live URLs?

During installation the Clef 2FA WP plugin automatically creates a new Clef Oauth integration for your WP site. The  Application Domain and Logout Hook URL parameters of the Oauth integration are derived from the URL of the WordPress site.
Since Pantheon's three-stage development environment involves three distinct URLs, the Clef Oauth integration requires additional configuration using one of the following options:
Option 1: wildcard Application Domain, logout hook for live site only
Since the Application Domain parameter accepts the * wildcard character, you can run the Clef 2FA plugin on all three Pantheon environments using one Oauth integration. Assuming you've already installed the Clef 2FA plugin on one of your environments, the following configuration instructions will enable your Oauth integration to work on all three environments:
  1. Log in to the Clef Dashboard.
  2. Click on your name at the top right, and select the integration for your WP site from the list.
  3. Select the Domain tab, and set the value to http://*.YourLiveSite.com
  4. Select the Webhooks tab, and set the Logout Hook URL value to http://www.YourLiveSite.com/wp-login.php (or, if you've renamed wp-login.php, use the renamed equivalent of wp-login.php).
Since the Logout Hook URL parameter does not accept a wildcard character, option 1 entails the limitation that the logout hook will work only on the live environment.
Option 2: create separate Oauth integrations for dev, test, and live environments
If you want Clef logout hooks to work on all three environments, then you must create separate Oauth integrations for each one. This can be done automatically as follows:
  1. Assuming you are starting on the dev environment, install the Clef 2FA plugin normally (i.e., via the Plugins menu in the WP dashboard), and complete the setup wizard.
  2. Before pushing from dev to test, deactivate the Clef 2FA plugin on origin.
  3. Execute the push.
  4. Activate the Clef 2FA plugin on dev.
  5. Activate the Clef 2FA plugin on test.
  6. On test, go to the Clef settings page in the WP Dashboard, press the Reset Application ID and Secret button at the bottom; then, complete the setup wizard, which will automatically create a new Oauth integration with the correct Application URL and Logout Hook URL on the test environment.
  7. Repeat steps 1–6 before pushing from test to live.
Following this method means that 
  • Clef logout hooks will work on all three environments
  • and you will have three Oauth integrations for your Pantheon-powered WP site in your Clef Dashboard.