How to Make Your WordPress Multisite Network Secure?5th October 2018
WordPress is a free Content Management System (CMS) and is highly popular among bloggers. Also, WordPress is the leader of the CMS market due to its ease-of-use, beginner friendliness, and is highly customizable.
Do you know that you can run multiple blogs/sites from a single WordPress installation?
If not, the feature is called WordPress Multisite, or sometimes, also called WordPress MU.
What is WordPress Multisite?
By default, a single WordPress installation allows you to run one blog/site.
However, you can run and manage multiple blogs by enabling WordPress multisite from a single WordPress dashboard.
And to enable WordPress Multisite, you should add the following line to the wp-config.php file:
define( ‘WP_ALLOW_MULTISITE’, true );
And you can use the multi-site feature in three different ways.
- Sub-domains: You can maintain multiple subdomains as different sites.
For example, if you have http://example.com, then you can run http://sub1.example.com, http://sub2.example.com, http://sub3.example.com, and so on.
- Sub-directories: Instead of having different subdomains, you can use the same domain name but with different directors.
And so on.
- Multiple-domains: If you want to have multiple different domain names under single WordPress installation, that is also possible.
For example, you can run
And so on, in a single WordPress installation.
Securing WordPress Multisite Network
Firstly, you need an SSL certificate. And that depends on how you chose to use WordPress Multisite Network.
For the sub-directory type of setup, a regular SSL certificate would do fine.
Else, you will need a wildcard SSL certificate if you choose to maintain multiple sub-domains. Noe that, a single wildcard SSL certificate can cover all your subdomains. Many wildcard SSL certificates come with support for an unlimited number of subdomains.
For multiple domain setup, two options are available.
- Buy a separate SSL certificate for each different domain. Configuring multiple SSL certificates can become burdensome if you have more domains.
- Otherwise, you can opt for a Multi-Domain SSL Certificate. So, one SSL certificate can support multiple main domains.
Once you decided how you want to go forward with the WordPress Multisite Network, follow the below steps to secure your WordPress Multisite Network.
HTTPS is the secured version of the HyperText Transfer Protocol (HTTP). And HTTP is the standard protocol used on the internet so that web browsers can load and render web pages using HTTP.
Follow the below steps to enable HTTPS on your WordPress Multisite Network:
- Navigate to the Network Admin Dashboard
- Click on Settings
- Select Domain Mapping
- Move down on the Page to find Force http/https
- Select Yes for ‘Would you like to force https in admin and login pages.’
- select the Force https when questioned ‘Would you like to force http/https in front-end pages.’
Once that is done, you are set to configure your SSL certificate on the web server. Note that depending on how you configured WordPress Multisite you may need to do some more tweaks.
Installing/Configuring SSL certificate
This step depends on how you have hosted WordPress.
Managed WordPress service like WPEngine and Kinesta already come with a free SSL certificate. And if you have hosted using a service like GoDaddy or HostGator, you should contact them to know on how to proceed with the SSL certificate configuration.
Else, if you are self-managing your WordPress, then it depends on what web server you are using like Apache HTTPd, Nginix, etc. Moreover, depends on what Operating System you are using like CentOS, Debian, or Ubuntu.
Free SSL Vs. Paid SSL Certificate: Which is Best for You?
Now you have figured out how to configure SSL to secure your WordPress Multisite Network.
A question you often come across is, whether to buy an SSL certificate or to settle for a free one.
Free SSL certificates do not cost you anything initially.
But a Free SSL also means you might not have proper technical support. Moreover, when you are struggling with an issue, the only help you can get is through forums or some blogs.
So, what if your issue is something new and there is no solution available?
You will have a hard time moving forward. For that reason, free SSL certificates are not suitable for something critical.
Moreover, not all Free SSL providers will support wildcard or multi-domain certificates. That means a separate certificate has to be generated for each domain/subdomain. And it can become hard to configure them.
However, they work well for low traffic websites and for not so important sites.
If you need a Free SSL, then getting one Let’s Encrypt is a great option. They also support wildcard certificates. But there is no support for bare IP address-based websites.
Paid SSL certificates are great for business use cases. And they often come with better flexibility, 24/7 technical support, and warranties.
Some paid SSL certificates come with additional perks like free malware scanning, unlimited server support, etc.
When it comes to business-critical websites, you should go for a paid SSL.
However, they will add a little burden to your budget. Moreover, multi-domain certificates will cost you a lot despite the ease of configuring them.
One notable feature that comes along with Paid SSL is automatic renewal and the period for each renewal will also be long enough. However, that will not be the case with Free SSL and will cost you in terms of time and effort required.
Some good Certificate Authorities (CA) to buy paid SSL certificates are:
No matter whether you buy it from certificate authorities or from resellers, you will be issued all the certificate from respective CAs only. Here you can definitely save money if you choose the SSL2Buy.
SSL2BUY offers all these wildcard SSL certificates at a highly discounted price as compare the certificate authority and their other competitors. you can buy the AlphaSSL Wildcard SSL Certificate at $40 when you buy for 2 years.
While WordPress multisite seems like a great feature, it might not be for everyone. So, evaluate your options before proceeding to choose a WordPress Multisite solution.
Because after you configure everything like SSL, if you want to change, it can cost you significantly in terms of time and money.