Regular updates keep WordPress secure and expand the feature set, ensuring the platform meets both the developer’s and their client’s needs.
The flipside of regular updates is the maintenance of WordPress installs. Once you start maintaining more than a few installs for your clients, keeping both plugins and WordPress up to date can become a bit repetitive.
Setting up a WordPress Network, using the multisite feature, reduces maintenance time. Upgrading all your sites becomes almost as easy as upgrading it for one.
Setup hosting to allow wildcard sub-domains
I’ve found setting up a WordPress network in sub-domain mode –
site2.example.com – works slightly better than it does in sub-directory mode.
Sub-domain mode requires you set up wildcard aliases for your web and DNS servers. Setting up a wildcard alias in Apache requires a single line be added directly below the appropriate ServerName command:
On your DNS server, you need to add a wildcard sub-domain pointing to your ip address:
The WordPress Codex provides further information on setting up wildcard domains for various control panels.
Install WordPress and setup Network
You need to setup a WordPress network from a fresh install of WordPress. As a reader of Digging into WordPress, you can probably do this in your sleep.
Unlike a standard WordPress install, a WordPress Network must be installed in the root directory of a web server. I purchase domains for this purpose but you can use a sub-domain.
wp-config.php file has been generated, you need to add this line to the file:
You then need to visit WP Admin > Tools > Network where the instructions to create a network are easily followed. The Create a Network page in the codex is also helpful.
You’ll be ask to make changes to the
wp-config.php files and create the directory
Decide on limitations
Before setting up clients on a WordPress site, you need to decide what you’ll permit them and their visitors to do. The settings you choose here affect everyone from site administrators down.
The settings to consider are (the settings I use are in brackets):
- Can site administrators create new users? (No)
- Which media upload buttons appear above the visual editor? (All)
- How much disk space does each site have for uploads? (Unlimited)
- What types of files can be uploaded? (Default listing)
- Maximum upload size of an individual file? (20000 kb)
- Is the plugins menu enabled for sites? (No)
I strongly advise you to keep the plugins menu disabled too. Your client is paying you to maintain WordPress because they lack the technical expertise; you don’t want them to enable WordPress Reset and delete everyone’s database.
Registration settings for the network need to be configured to. As this is for hosting your client’s sites, you’ll want to disable registration of new sites. You can choose to disable registrations entirely or allow user accounts to be registered.
To keep track of who is using the system, I disable registrations entirely. Site owners contact me when they need to add another user. Disabling registrations also prohibits requiring visitors to register before they can comment.
Once you’ve considered the limitations you want to apply to your clients, set them up at WP Admin > Super Admin > Options.
Adding clients to a WordPress Network
You can add users to the network at WP Admin > Super Admin > Users. I use a standard format for usernames to make searching easier.
With users added, you can now add their sites through WP Admin > Super Admin > Sites. Once their site is added you need to:
- Edit the site (hover over the site in the list and click edit)
- Enable the theme/s for the site
- Add users with appropriate permissions to the site
Install Domain Mapping Plugin
Unzip the plugin on your local machine, upload
domain_mapping.php to the directory
/wp-content/mu-plugins (create it if it doesn’t exist) and upload
/wp-content/. In your
wp-config.php file add the line:
define( 'SUNRISE', 'on' );
Go to WP Admin > Super Admin > Domain Mapping and set your server’s IP address or its domain name in the CNAME entry. I always enable permanent redirect and usually enable user domain mapping page. If using a caching plugin (see below), I disable redirect administration pages.
You can then add domains to your client’s sites by visiting WP (Client Site) Admin > Tools > Domain mapping.
Otto has written up a great guide to using the domain mapping plugin.
A poorly coded or insecure plugin can cause enough problems on a standalone WordPress install. BecauseÂ a WordPress Network uses the same files and database across multiple sites, the problems are compounded.
Choosing plugins for a WordPress Network requires a glass half empty approach. The feature list of a plugin will tell you what it adds to your site, the code and support forums tell you what it takes away.
A good approach to take is to stick to plugins and plugin authors that are well-respected within the WordPress community. Plugins used on WordPress.com are a good starting point, as are plugins by Yoast, Donncha, and Automattic.
Big name or not, review the plugin’s code before installing it on your WordPress Network. Look for forms using nonces, wide use of the WordPress APIs, escaped database queries, among other things.
Hosting more sites on your server uses more resources so you should find ways to lighten the load.
If you’re creating bespoke themes for your clients, you probably have a standard starting point. If you’re not already doing so, you should use parent & child themes so you can fix bugs in your starting point and the changes instantly propagate to all the sites you host.
If you want to lower resource use further, install a caching plugin. I use W3 Total Cache on my server. It’s not easy to configure but when I did so, I saw an immediate drop in resource use and, more importantly, Pingdom reported a five-fold drop in response times.
Total Cache makes significant changes to the
.htaccess file so exactly the same settings need to be used for all sites on your network.
Security, security, security
As I said earlier, a WordPress network shares files and the database across multiple sites. Any security issues a plugin, or theme, introduces are compounded as a result.
I can’t emphasise enough the importance of putting security first.