The Ultimate WordPress Multi Site Network Management Guide

If you run more than one WordPress powered website, updating them all each time there is an update can be a pain. Not to mention the handful of plugins used on each website that need to be maintained! Luckily it’s possible to run anywhere from one to a few million blogs off one WordPress install, thanks to multi site.

By following this guide I'll show you how best to setup and run your WordPress network making your life easier and minimising the effort of maintenance - giving you more time to do what WordPress is there for. Blog!

The Ultimate WordPress Multi Site Network Management Guide


Note: This guide doesn't go into any details on setting up hosting environments, I'm assuming your hosting is up to par to run WordPress, and handle all traffic you except to receive. If you need any specific help give me a shout in the comments and I’ll help you get on your way!

What is Multi Site?

Up until WordPress.3.0 WordPress Multi User was previously a different system to the normal single blog version of WordPress. As of version 3.0 the two separate systems were merged. Multi Site is what allows multiple WordPress websites to be powered off a single install. WordPress.com is an example of a prominent site running on Multi Site.

What are the Benefits?

  • All updates in one place, no matter how many blogs
  • Each plugin only needs to be updated once
  • Many settings need to only be tweaked once
  • Essentially you only have one site to take care of

Requirements

You'll need to decide what site will be the main site which the others will run off. You can use any site you wish. Firstly make sure your website is running on the latest version of WordPress.

You'll also need to make sure your current hosting allows the following:

The Apache module mod_rewrite if your blog is already using pretty permalinks then you know you have this feature.

If you want to use subdomain sites which are needed for using different domains on your site's network you'll need: Wildcard DNS support.

What are Wildcard DNS?

Wildcard domains allow you to use anything for the third level domain. They are called wildcards due to the fact you can use any word in the 3rd level domain.

Examples:

  • demo.example.com
  • hello.example.com
  • bye.example.com

In the control panel for your domains you need to setup a wildcard domain on the domain your WordPress install is installed on.

For example, if you aim to use mainsite.com as your main site. and small-site.com as a site running on the network, you'd make the wildcard domain on mainsite.com. This will differ slightly between different control panels.

You’ll either have to add a subdomain, using * as the name, or your CP may have an option to "add wildcard domain". Whichever way you do it you’ll need to then host/park the subdomain to your main domain, jargon may change depending on who you talk to, and what host you’re on.

It’s also a good idea to contact your hosting provider to ask them if they know of any problems with their hosting and WordPress Multi Site. Disable all plugins as there may be unknown issues with them during setup, and make a complete backup of your site’s files and database so you’re safe in the event something goes wrong.

Lets Get Started!

Note: It’s a good idea to play around with this on a demo site first, if you have any unused domains I recommend trying this out on one of them first. Practice makes perfect!

Now that you know your site meets the requirements we can get started. Multi Site allows us to choose between sub directory sites, or sub domain sites. As we’re going to be running sites with different domains on our network we need to select the subdomain option which requires us to create a wildcard domain.

For this part of the guide I’m going to skip installing the single WordPress install. It’s just your run of the mill single blog install. Be sure to install your site in the root directory, this is required for the domain mapping plugin.

Here's a great guide on installing WordPress and a guide on how to move WordPress.

Once you have WordPress installed. In your wp-config.php file add:

define('WP_ALLOW_MULTISITE', true);

Note: Make sure it’s just before the line /* That's all, stop editing! Happy blogging. */

Next go to your WordPress Dashboard and under the tools menu you’ll see a new option called network.

Click on this and you’ll come to the install page for Multi Site.

Enter your desired name for the network, and the email of the account you wish to be the site admin, the account which will have total control over the network. If you enter the email of your current account, that account will be used, otherwise a new account will be made.

You’ll be given a code to add to both wp-config.php and .htaccess, is will look something very similar to the code below. Use the code WordPress provides you.

wp-config.php

define( 'MULTISITE', true );
define( 'SUBDOMAIN_INSTALL', true);
$base = '/';
define( 'DOMAIN_CURRENT_SITE', 'www.sitename.com' );
define( 'PATH_CURRENT_SITE', '/' );
define( 'SITE_ID_CURRENT_SITE', 1 );
define( 'BLOG_ID_CURRENT_SITE', 1 );

.htaccess

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule  ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule  ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

Adding your Other Sites to the Network

Moving the Content Over

In the dashboard of the site you want to move to the network go to tools, then export. This will download an .xml file with all your content.

In your network admin go to sites, then add new, name the site to whatever applies, and add the admin email.

Domain Mapping

In the dashboard for this new site under tools go to import, and import the corresponding xml file. (Note: the import tool isn't part of WP core anymore, you’ll be asked to install it as a plugin).

You’ll need to change the permalink setup to match the corresponding site or else once the domain is mapped over, your site will have dead links. Not something we want! Lastly copy over your theme and any plugins you require. Double check all your settings.

Domain Mapping

WordPress MU Domain Mapping is the plugin that will be used to map the full domains to their network counterpart. This can be a tricky issue, and requires a guide on its own. Here is a great guide on installation. Once you have this install your site should now be running on the new network! We’re not done yet though. We’ll now aim to protect your hard work, and make life easier when running it.

Security

It’s important to make sure your WordPress install is secure as now you’ll have more than one blog running off it. WordPress by default is very secure, as long as you’ve got it setup correctly and your hosting is up to scratch you should be fine. Your aim should be to protect your site by locking down as much access to it as possible.

You need to think of your WordPress site as more than WordPress, it’s only a part in a massive system.

In your hosting. there is also

  • Apache / Nginx
  • PHP
  • http
  • Linux / Windows

That’s a lot of areas where things could go wrong. Choose your host wisely.

Securing WordPress

Securing a network install is exactly the same as securing an ordinary WordPress install. Though in a way it’s easier to keep a network secure as you’re more likely to keep it up to date than keep a dozen different WordPress sites updated.

File Permissions

Make sure your file permissions are correct. Check with your host as to how exactly this should be set up. If they’re interested in your security they’ll help out.

wp-config.php Hacks

By changing your table prefix form the default you’ll add that extra bit of security to your site. For example:

$table_prefix  = 'maindhfh48hd_';
define('FORCE_SSL_ADMIN', true);

Adding some salts for WordPress cookies. You can get them from http://api.wordpress.org/secret-key/1.1/.

.htaccess Hacks

To stop people browsing your WordPress files.

Options All -Indexes

Cut Down on Comment Spam

Deny comment posting to no referrer requests.

RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.*yourblog.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]

extra protection to your wp-config.php
<Files wp-config.php>
Order Deny,Allow
Deny from All
</Files>

Remove WordPress Generator Tag

remove_action('wp_head', 'wp_generator');

Remove Login Errors

add_filter('login_errors',create_function('$a', "return null;"));

WordPress Plugins

Installing Plugins

Exploit Scanner
This plugin searches the files on your website, as well as the posts and comments tables of your database for anything suspicious. It also examines your list of active plugins for unusual filenames.

Exploit Scanner

Secure WordPress
Secure WordPress beefs up the security of your WordPress installation by removing error information on login pages, adds index.html to plugin directories, hides the WordPress version and much more.

Secure WordPress

Stealth Login
This plugin allows you to create custom URLs for logging in, logging out, administration and registering for your WordPress blog. You can create a url of your choice that can be easier to remember than wp-login.php.

Stealth Login

Askapache Password Protect
This plugin doesn't control WordPress or mess with your database, instead it utilizes fast, tried-and-true built-in Security features to add multiple layers of security to your blog. This plugin is specifically designed and regularly updated specifically to stop automated and unskilled attackers attempts to exploit vulnerabilities on your blog resulting in a hacked site.

AskApache Password Protect

Admin Account

Use a different user account for the admin account. Don't use this account to publish posts or comments. This stops potential hackers from knowing your username for the admin account, so they know neither your password nor username.

Hosting Provider

Check your hosting environment, is all the software used up to date? If your host has a bad reputation I recommend moving to another host. You’re only as secure as your weakest link.

Your Database

Often an area that is forgotten about is your database, a vital part of your site.

  • Cut down on the privileges your database user has.
  • Only allow it access to the one database.
  • Limit its privileges
  • Use a secure password, you'll hardly ever need to enter it so make it good!

Monitoring Your Site

Now that you have your site secure you should do regular security checks to ensure all the work you’ve done is still intact. Check your logs to see what bots are visiting your site and see what they focus on most. Ensure those areas are secured and add the bots to the block list. You can read more about: How to Protect Your WordPress Blog From Getting Hacked.

Speed

Now that you only have one site to maintain why not put in some extra effort in running it! You have it secure, now why not make it faster?

W3 Cache
W3 Total Cache improves the user experience of your site by improving your server performance, caching every aspect of your site, reducing the download times and providing transparent content delivery network (CDN) integration. Here we have another article that can help you make your WordPress Database faster.

W3 Cache

Cloudfare
A new service that caches your whole site, improving speed by a considerable amount. They have a tiered pricing plan, but a free version is available. Cloudfare also provides some great added security from DDOS and other threats that could otherwise harm your site.

Cloudfare

Back Up Your Site

Now that you have all your sites setup and installed I’ll show you a few ways to make life easier running your WordPress network.

Regularly backing up your site gives you extra peace of mind, here are a few useful plugins for backing up both your files and database.

VaultPress
VaultPress provides you with fully automatic backups, real-time continuous monitoring of all your site’s files as well as its database. It vastly improves your site security and gives you piece of mind knowing your site won’t disappear off the face of the earth - they keep numerous backups. This is a premium service with a price which could end up costing more than your hosting.

VaultPress

BackupBuddy - Premium
BackupBuddy is an all-in-one solution for backups, restoration, and migration. Back up to your server, Amazon S3, a FTP/FTPS account, or an email. Use the backup with the Importing & Migrating script to quickly and easily restore your site on the same server or even migrate to a new server with a different domain and database.

Backup Buddy

WP-DB-Backup - Free
WP-DB-Backup allows you easily to backup your core WordPress database tables. You may also backup other tables in the same database.

WP-DB Backup

Conclusion

As with any system, the bigger it gets the more scaling is required. WordPress.com is a great example of what a WordPress network can cope with about 20 million blogs hosted. Though there is quite an amount to do when looking at this post. It is worth the extra effort. WordPress has a famous 5 minute install, but without a doubt it’s worth spending more time making sure your site is safe, so you can blog worry free.

Any time you spend setting your Network up will be regained with an easy to run Network. Have you setup a Network with Multi Site yet? Is this something you’d be interested in setting up?

Opinions expressed in this article are those of the author and not necessarily those of Onextrapixel.