inthylight

@ratherrandom good evening,

No, you shouldn’t see a performance hit from these Heartbeat-API-related events.

If nevertheless you are concerned and want to stop these requests altogether, you can disable the Heartbeat API altogether (via plugin or via functions.php). Clef logouts will still function without Heartbeat (i.e., you will be logged out of WP when you press the logout button on your phone), but without the Heartbeat API you will not be shown the WP logout modal when you log out (i.e., you won’t see that you are logged out until refreshing the page or attempting to browser to another dashboard page).

Keep in mind, though, that disabling Heartbeat means disabling it for all other plugins that use it; also, WP core uses it for autosaving and locking post editing (see the note on disabling it here).

@miguelonx,

Good evening. This error indicates that your web server experienced a momentary connection error and could not connect to the Clef server via TLS/SSL, which uses port 443. Unless you are still seeing this error, no further action is necessary.

Hey Michael,

Unfortunately, the Clef system isn’t designed to do what you are seeking: it is designed for users to control their Clef session via the Clef app. And there isn’t an application-based workaround for SSO.

But, there is a small step in that direction if you’re up for applying an action. On the assumption that all of your WP users are using Clef to log in, you can change the logout redirect URL with this action; so that when WP users click the logout link, they will be redirected to getclef.com/logout/, which asks users to log out of Clef (i.e., it is a way to add a reminder to log out of Clef, if that is helpful to you. . .).

Use this plugin to add the action, and be sure to select the option to activate the action on the Dashboard when saving the action.

@michael good morning,

On Clef’s architecture, the way to achieve your desired result is via the app: choose an appropriate timer length or press the log out now button when your time at that workstation concludes.

The feature you are referring to is Clef’s Single Sign On. By design, when you manually log out from WP (i.e., when you click the log out link) you are logged out of WP but not logged out of your Clef session; thus you can re-log in to WP until you end your Clef session.

To log out of your Clef session, you must press the logout button in the Clef app, or wait for the automatic logout timer to expire. This timer is adjustable, and it is set to 1 hour by default when you first log in to Clef.

@floris good morning,

Not yet . . . see this guide.

@westcoastradio good morning,

Wp_mail()-based email failure is a fairly common issue WordPress-wide, and several web hosts suggests switching to SMTP for a resolution. For example, see WP Engine’s help doc on wp_mail and SMTP.

Can you try switching to SMTP, and then test whether the invite emails are being sent successfully (e.g., if you have a Gmail account, create a new user WP with an email that is an alias of your Gmail address like this UserXYZ+alias@gmail…). Also, if you use Postman SMTP, turn on the log, and make sure your server is not returning any errors on send.

@goddess_dix thanks for the feedback. I’ve updated that place in the guide to clarify where to make the logout hook change.

I’ll need more info on your setup to guide you to a resolution. If you are still getting the error, can you send me a note at [email protected] with the URLs in question, an explanation of how you are set up with CloudFlare (e.g., are you on the free tier, pro account; are you full-page-caching; are you using the WAF; etc.?), and whether you are running any additional security plugins.

Ordinarily, if you’re using CloudFlare’s free tier, unless you are inadvertently full-page-caching your login script, you should’t need to whitelist Clef’s servers.

@icyapril — thanks for the help!

@athenswebstudio, if you get stuck updating PHP, note that we pushed an update in version 2.5.2 that removes the dependency on namespacing and thus makes the plugin work on PHP versions prior to 5.3.

(We still recommend following the WordPress guidelines and updating to the most current stable PHP version — and if that’s not possible, updating to at least PHP 5.6.)

@the.mnbvcx

Thank you for reporting this issue. I have verified it and submitted a fix (beta).

The change for the fix is very small and thus should be safe to run; if you would like to test drive the beta (and loose the error message), delete the currently installed plugin via the Plugins menu, then download this beta .zip and install via the Plugins -> Add New -> Upload option (near the top).

Please let me know if you run into any issues.

@westcoastradio

Thanks for the question. The Clef 2FA plugin uses the wp_mail() function to send the invitation emails (see this method, which calls wp_mail() here).

Troubleshooting-wise, this means that, if you’re experiencing issues with Clef invitation emails being sent out, it is a good idea to do one of the following:

• switch to SMTP for sending WordPress emails (e.g., use a plugin such as Postman SMTP or Easy WP SMTP) — ordinarily, SMTP is considered to be a more stable/consistent method for sending emails than the wp_mail()/PHP script method. The Postman plugin includes a log, which is helpful for toubleshooting.
• troubleshoot wp_mail(); for starters Chad Butler has (dated but still useful) troubleshooting guides here and here. Some hosts limit PHP’s ability to send emails in order to try to reduce spam, so be sure to look at your host’s documentation on sending emails from scripts.

Note that the Clef 2FA plugin will return an error message if its invitation emails fail to send (see here); if you are running a security plugin that suppresses error messages, you likely need to disable that feature in order to see the errors.

@all

If you are seeing the PHP syntax error after updating to version 2.5.1, please see this guide.

@athenswebstudio, can you check what PHP version your server is running?

In my testing I’ve only been able to reproduce this syntax error on PHP versions older than 5.3.1, which was released in 2009, and which introduced namespacing support ( https://secure.php.net/releases/).

WordPress recommends at least PHP 5.6 or greater (https://www.ads-software.com/about/requirements/).

@athenswebstudio, is your server running an object cache (or are you on a managed hosting platform that utilizes a server-side cache such as Godaddy Managed Hosting, WP Engine, etc.)? If so, can you try flushing the object cache?

If doing so does not clear the PHP warning, can you send me an email at [email protected], and I’ll follow up.

@losteineu, we’d love to help, but first we’ll need some info about your hosting setup and WP configuration. Security-wise, it’s best not to post info such as your server’s directory structure publicly. When you are ready to begin the troubleshooting process, please send an email to [email protected].

Hi losteineu,

I’m sorry to hear that something is not working correctly. Do you remember whether you were shown any error messages?

Can you send me a note at [email protected] with your site’s URL, and I’ll follow up with you.