Securing a WordPress Multisite

Securing a WordPress Multisite
datum-geschreven 8 Jan 2024

Is securing a WordPress multisite different from securing a single WordPress site?

You have more data, which is self-explanatory, including more tables in one database. All the regular tables of a single site are duplicated for each site you add.

For example, if you have usual tables like wp_options, wp_posts, now you will have them with an additional prefix. For instance, wp1_options, wp1_posts, and so on, depending on the site number.

multisite in WordPress database

What happens at the server level when you set up a Multisite?

In the uploads folder, you will now have a “sites” folder with a corresponding number as in the database. For your first site, a folder named “1” will be created, where all the files uploaded by the users of that site will be stored.

WordPress multisites

A quick note, the wp-config file will get some additional lines when you start with a Multisite, including:
define(‘WP_ALLOW_MULTISITE’, true);
(So, don’t remove this!)

What happens with the users?

It’s important to mention that a user who signs up as a subscriber is automatically subscribed to all sites within your Multisite.

The admins of a site within the Multisite cannot install plugins or themes. This must be done by the so-called “Super Admin” of the Multisite.

Advantages of a Multisite

You have multiple websites, but fortunately, only one WordPress installation to update. You don’t have to go through each WordPress site individually. The same applies to the plugins; the plugins in the main folder are used, so you don’t need to go through all the plugins of each site.

Is a Multisite less secure than having 2-3-4 separate WordPress websites?

It entirely depends on how you handle the sites.

The risk with separate sites is that you might not update everything on time.
The downside of a Multisite is the problem that arises once attackers gain access to your database, as they can directly access the content of all sites.

When considering a Multisite, you should also take into account that it may face more database attacks, as it is linked to multiple websites.

The use of strong passwords, unique usernames, and up-to-date plugins are the key to securing any type of setup.

De meeste artikelen worden geschreven door Mathieu Scholtes, de eigenaar van WPBeveiligen. Op de hoogte blijven van het laatste WordPress nieuws? WordPress tips? WordPress aanbiedingen?
Connect dan op Linked-in!

Heb je een vraag? Tip of gedachte? Deel die!

Breng me op de hoogte
0 Reacties
Inline Feedbacks
Bekijk alle reacties