Is securing a WordPress multisite different from securing a single WordPress site?
You have more data, which is self-explanatory, including more tables in one database. All the regular tables of a single site are duplicated for each site you add.
For example, if you have usual tables like wp_options, wp_posts, now you will have them with an additional prefix. For instance, wp1_options, wp1_posts, and so on, depending on the site number.
What happens at the server level when you set up a Multisite?
In the uploads folder, you will now have a “sites” folder with a corresponding number as in the database. For your first site, a folder named “1” will be created, where all the files uploaded by the users of that site will be stored.
A quick note, the wp-config file will get some additional lines when you start with a Multisite, including:
define(‘WP_ALLOW_MULTISITE’, true);
(So, don’t remove this!)
What happens with the users?
It’s important to mention that a user who signs up as a subscriber is automatically subscribed to all sites within your Multisite.
The admins of a site within the Multisite cannot install plugins or themes. This must be done by the so-called “Super Admin” of the Multisite.
Advantages of a Multisite
You have multiple websites, but fortunately, only one WordPress installation to update. You don’t have to go through each WordPress site individually. The same applies to the plugins; the plugins in the main folder are used, so you don’t need to go through all the plugins of each site.
Is a Multisite less secure than having 2-3-4 separate WordPress websites?
It entirely depends on how you handle the sites.
The risk with separate sites is that you might not update everything on time.
The downside of a Multisite is the problem that arises once attackers gain access to your database, as they can directly access the content of all sites.
When considering a Multisite, you should also take into account that it may face more database attacks, as it is linked to multiple websites.
The use of strong passwords, unique usernames, and up-to-date plugins are the key to securing any type of setup.