WordPress Multisite Security Considerations

Understanding Multisite Security

WordPress Multisite allows running multiple websites from a single WordPress installation. While efficient, this architecture introduces security complexities since all sites share the same codebase, database, and often the same hosting environment. A vulnerability in one site can potentially affect the entire network.

Multisite-Specific Risks

Shared Attack Surface

All network sites share:

• WordPress core files
• Plugins and themes
• Database server
• Server configuration

A compromise in any shared component affects all sites.

Super Admin Privileges

Super Admins have network-wide control, making these accounts extremely high-value targets.

Plugin and Theme Management

Network-activated plugins run on all sites. A vulnerable plugin exposes every site simultaneously.

Cross-Site Escalation

Attackers who compromise one site may attempt to escalate privileges to access other network sites or the entire network.

Network Administration Security

Protect Super Admin Accounts

• Limit super admin accounts to absolute minimum
• Require strong passwords
• Mandate two-factor authentication
• Use unique, non-obvious usernames
• Monitor all super admin activity

Separate Admin Credentials

Site administrators should not have super admin access unless necessary. Use the principle of least privilege.

Audit Network Settings

Regularly review:

• User registration settings
• Site creation permissions
• Upload restrictions
• Plugin installation rights

Plugin and Theme Control

Centralized Plugin Management

Benefits of network activation:

• Consistent security across sites
• Easier update management
• Reduced attack surface

Plugin Restrictions

Control which plugins site admins can activate:

• Allow only vetted plugins
• Block installation of new plugins
• Maintain approved plugin list

Theme Management

Network-enable only approved themes. Prevent site admins from installing custom themes that may contain vulnerabilities.

Database Security

Table Prefix Strategy

Multisite uses unique table prefixes for each site. Ensure the base prefix is not the default wp_.

Database User Permissions

The database user needs access to all network tables. Ensure it has only necessary permissions, not root access.

Regular Backups

Backup the entire database, not just individual site tables. Network options and user tables are shared across all sites.

Network-Wide Security Measures

Security Plugin Configuration

When using security plugins on Multisite:

• Network activate for consistent protection
• Configure network-wide settings
• Allow site-specific overrides when appropriate
• Monitor all sites from network dashboard

Firewall Rules

Apply WAF rules network-wide to protect all sites equally.

Login Protection

Implement network-wide:

• Brute force protection
• Login attempt limiting
• Two-factor authentication
• Custom login URLs (if applicable)

Site Isolation

Logical Separation

While sites share infrastructure, maintain logical separation:

• Separate upload directories
• Individual site settings
• Site-specific user roles

Resource Limits

Prevent single sites from consuming excessive resources:

• Upload quotas
• Disk space limits
• Bandwidth restrictions

User Management

User Registration

Control who can create accounts:

• Disable if not needed
• Require admin approval
• Verify email addresses
• Use CAPTCHA

Site Creation

If allowing user site creation:

• Require login
• Review new sites
• Apply default security settings
• Monitor for abuse

Cross-Site Users

Users may have accounts on multiple sites. Manage permissions carefully to prevent unintended access.

Updates and Maintenance

Coordinated Updates

Updates affect all sites simultaneously:

• Test in staging first
• Schedule during low-traffic times
• Have rollback plan ready
• Notify site administrators

Maintenance Mode

When performing maintenance, consider whether all sites or specific sites need to be affected.

Monitoring and Auditing

Network-Wide Logging

Aggregate logs from all sites for:

• Attack pattern detection
• Cross-site attack identification
• Centralized incident response

Site Health Monitoring

Monitor each site for:

• Malware infection
• File changes
• Performance anomalies
• Security violations

Conclusion

WordPress Multisite requires careful security planning due to shared infrastructure. Protect super admin accounts, control plugin and theme installation, implement network-wide security measures, and monitor all sites collectively. A security breach in one site can have network-wide implications.