Recent Posts


« | Main | »

Securing WordPress 3.x Multi-Site

By Dale Reagan | February 6, 2011

WordPress 3.x is a dual-use Internet Publishing solution – use it for a single domain, host multiple sub-domains (or sub-folders) or host multiple, unique domains. Start with the foundation before getting into WordPress specific solutions – are each of your server base components up-to-date and secure as needed/possible?:

In many cases you may have little to no access to any of the above – your ‘host’ takes care of such items; your job is to keep your WordPress software components up-to-date and secure as needed/possible:

Ok, you are up-to-date with the above – what else can you do?

Select and use trusted WordPress security plugins along with a secure approach to managing your WordPress site(s). Note that solely relying on a third party for ‘trust’ may not provide adequate protection, i.e. only download and use plugins and themes from reliable web sites (i.e. WordPress.Org.)

Some suggested security-related plugins:

While not a plugin, the information presented by Jeff Starr for his 3GBlacklist may also be of use – in addition to providing examples for either .htaccess files or Apache configuration files.  This approach is actually quite similar to how mod_security works (via pattern matching) with the advantage that you can use it on any Apache host where you have .htaccess editing enabled.  I do, however, suggest using mod_security since it will ‘protect’ your entire server, not just a single WordPress install…

Tools for putting your WordPress install into Maintenance Mode

While not really a security solution this is something that is needed form time to time, and hopefully a reasonable solution will be included in a future release of WordPress.  During my test, the first three of these plugins worked fine for single WordPress instances – they did NOT work for shutting down a multi-site ‘network’.  They do, however, provide some configuration options including message/page display choices and ‘timers’.  Also, you could activate these plugin site-by-site and then configure and enable them; At this time I have not found a solution for covers both scenarios (lock down and entire network or lock down selected sub-domains.

  1. offlinemode
  2. maintenance-mode
  3. wp-maintenance-mode
  4. website-shutdown:  this works by creating a PHP ‘failure’ error – not the best solution, but the only plugin in this set that effectively locks down an entire WordPress Multi-site ‘network’ install (with one click.. – it is either ON or OFF.)


Topics: Computer Technology, System and Network Security, Unix-Linux-Os, Web Problem Solving, Web Technologies, Wordpress Software | Comments Off on Securing WordPress 3.x Multi-Site

Comments are closed.

YOUR GeoIP Data | Ip:
Continent: NA | Country Code: US | Country Name: United States
Region: | State/Region Name: | City:
(US only) Area Code: 0 | Postal code/Zip:
Latitude: 38.000000 | Longitude: -97.000000
Note - if using a mobile device your physical location may NOT be accurate...

Georgia-USA.Com - Web Hosting for Business