How do I fix Clef logout hook errors?

Fixes for Specific Error Codes

See also  How do I test Clef logout hooks?

What is a logout hook, and why do they fail?

A Clef logout hook is an HTTP request that Clef sends to a website’s server to log out a user. For a logout hook to be successful, the receiving server must have a clear line of communication with the Clef server. These hooks might fail for several reasons:

  • The hook is not yet set up or is misconfigured (typos, wrong URL, http instead of https, etc.).
  • The receiving server is temporarily inaccessible or has gone offline completely (maintenance mode or server crash).
  • The receiving server is blocking Clef’s ping before it reaches the web site (server and/or web application firewall).

When the logout hook for your site fails, you will receive an e-mail notification containing an error code. Self-help fixes are suggested for each code below. You can  test your Clef logout hook in the Clef Dashboard.

400 Bad Request

Something on your web server or with your hosting is blocking the POST request from the Clef server. Common causes inlude:

  • a server or web application firewall (like CloudFlare)
  • a .htaccess rule

Think through your server's setup, and see if you can determine the likely candidate. Have you changed any settings recently? Have you added new .htaccess files recently? Etc. If you are able to check your server's access logs, look for any entries with the Clef agent in the error log:

User-Agent: Clef/1.0 (https://getclef.com)

WordPress Tip: If you are receiving code 400 for a WP site, and if the logout hook is currently http://www.yourdomain.com/wp-login.php, try changing it to http://www.yourdomain.com. (For help changing this value, see "How to test logout hooks".)

401 Unauthorized

Logout hook URLs that are protected by HTTP Authentication will fail due to lacking the username and password. You can change the logout hook URL to include the HTTP user/pass (e.g., http://username:password@domain.com.); however, we do not recommend doing so since the user/pass will be stored in plaintext in our database.

Caution: proceed at your own risk! If you choose to proceed despite the risks, follow these steps to update your logout hook URL:

  1. Sign in to your Clef Dashboard.
  2. Click the dropdown in the top right and navigate to the appropriate integration.
  3. Click Webhooks.
  4. Change the Logout hook like this: http://username:password@domain.com.
  5. Everything should work! If you would like to test it out, press the Testing option at the top, and then press Trigger Logout Hook.

403 Access Denied

Something on your web server is blocking the POST request from the Clef server. Common causes include:

  • a server or web application firewall,
  • a WordPress security plugin firewall,
  • an .htaccess rule
  • an IP Tables rule

Think through your server's setup, and see if you can determine the likely candidate. Have you changed any settings recently? Have you added new .htaccess files recently? Etc. If you are able to check your server's access logs, look for any entries with the Clef agent in the error log:

User-Agent: Clef/1.0 (https://getclef.com)

If you're on a WordPress site, and your logout hook is currently http://yourdomain.com/wp-login.php, try changing it just http://yourdomain.com. This often works!

404 Not Found

The Clef server is trying to contact a URL that does not exist. Common causes include:

  • Your site has moved recently (e.g., you changed domain names, or you moved your site from a subdirectory to a root directory).
  • There is a typo in the logout hook URL.

To fix:

  1. Sign in to your Clef Dashboard.
  2. Click the dropdown in the top right and navigate to the appropriate integration.
  3. Click Webhooks.
  4. Change the Logout hook to the new location.
  5. To test the new logout hook, press the Testing option at the top, and then select Trigger Logout Hook.

500 Internal Server Error

Your server is experiencing an error, likely a PHP or other software error in your web application. More than likely, this error is temporary, and once it resolves your logout hook will work normally.

503 Temporarily Unavailable

Ordinarily, this error indicates that your site is in maintenance mode. Once your site returns to full operations, your Clef logout hook should operate normally.

[Errno bad handshake] [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

Clef's server returns this error when a logout hook URL's SSL certificate does not validate. For instance, this error is triggered if you are using a self-signed cert. 

If you are unable to use a fully valid certificate, there are two possible workarounds. First, in the  getclef.com dashboard, there is an option to disable SSL verification on a per-site basis. To find this option, go to

  • the Integrations menu at the top right
  • Click the dropdown in the top right and navigate to the appropriate integration.
  • Click Advanced Settings.

You will find the SSL verification option near the bottom of the page:

Second, if your web site responds to HTTP requests in addition to HTTPS requests, then you can change the logout hook to use the HTTP protocol. To change it:

  1. Sign in to your Clef Dashboard.
  2. Click the dropdown in the top right and navigate to the appropriate integration.
  3. Click Webhooks.
  4. Change the Logout hook to use HTTP instead of HTTPS.
  5. To test the new logout hook, press the Testing option at the top, and then select Trigger Logout Hook.

Error: HTTPConnectionPool(host='example.com', port=80): Max retries exceeded with url: /path/to/logout/hook.php?clef_logout=true (Caused by : [Errno 110] Connection timed out)

This occurs when your site is unreachable. Common causes include:

  • The site is in a local or private network that is unreachable from an external request.
  • The site is moved and/or has been down for an extended period of time.

Clef's logout hook will not work until your web site has returned to a publicly accessible state.

WPEngine logout hook not working

We try our best to support all hosts out of the box, but with certain configurations on WPEngine, the logout hook doesn't work. If you're having issues with the logout hook and your site is hosted on WPEngine, try:

  1. Sign in to your Clef Dashboard.
  2. Click the dropdown in the top right and navigate to the appropriate integration.
  3. Click Webhooks.
  4. Append ?wpe-login=clef to the end of your logout hook
  5. To test the new logout hook, press the Testing option at the top, and then select Trigger Logout Hook.