Is WordPress MultiSite secure & how much can it scale?
WordPress.com — single best example of WordPress Multisite at a large scale. Period.
As for the expertise to be able to maintain and manage the cluster — which you should question yourself — it’s a different story.
By creating admins for each subdomain, what security concerns should
we have and how to we address them?
I won’t answer that directly. But what I can tell you is, sometimes vulnerabilities aren’t noticed until some big blog/network gets hacked. You better have measures in place. Hope for the best, prepare for the worst.
Related Posts:
- What is the difference between a cer, pvk, and pfx file?
- Is it possible to decrypt SHA1
- Error `sec_error_revoked_certificate` when viewed in Firefox only
- Why should I use the esc_url?
- Where to securely store API keys and passwords in WordPress?
- Why escape if the_content isnt?
- Full path disclosure on rss-functions.php
- What to use instead of wp_kses() in user output
- Are the default salts secure?
- is_email() VS sanitize_email()
- Subscribe to email for security fixes?
- How to hide admin account in BuddyPress? (for security reasons)
- How to escape custom css?
- Understanding SVG vulnerabilities in WordPress related to a specific fix
- Moving wp-config.php: Can this be done after site launch?
- How to secure or disable the RSS feeds?
- Delete sites in wordpress multisite (not suspend)
- How to synchronize user profile fields in multisite?
- Make password invalid once logged out of password-protected page
- How to get WordPress to save upload file beyond web root [closed]
- Is security a problem in WordPress?
- Moving wordpress out of the public directory
- Logout via Subdomain, non-wordpress page on a different server?
- Get first_name and last_name on user_register hook
- User registration on subsite in multisite configuration
- Can you have multi-site WP and keep users separate?
- Protecting HTML5 video [closed]
- How can I tell who changed the password?
- How to use wp_set_password in a plugin?
- WordPress website Security [closed]
- Do I need to use the esc_html() function on hard coded links?
- Can’t reset WordPress password
- Is the “lost password” feature truly a vulnerability?
- Deleting a user in multisite
- Frontend Password change
- Is it possible to reduce the minimum character length for passwords?
- Handling email piping attachments and detecting unsupported file types
- Downloading File from Outside Web Root
- Cookie nonce is invalid – Multisite
- site get login attempts after htaccess ip restriction
- Is it good security advice to install wordpress in subdirectory but link to root?
- Why was my blog post inserted lot’s of ad links by others?
- Moving wp-config.php up 2 levels
- How Could I sanitize the receive data from this code
- WordPress SQL Injections through User Agent
- Should I Worry About SQL Injection When Using wp_insert_post?
- Is there a way for a user to have an alias?
- How to prevent wp-login brute force attack from thousand of different IP? [duplicate]
- WordPress Multisite plugin delegation
- What permissions should I give directories if I want to make WordPress more secure?
- Security threat with `home_url`?
- When is wp_set_password() called or how to capture a password
- How to protect wp-admin through .htaccess?
- Something is unescaping all html entities before output to browser [closed]
- Add menu items/actions for multisite users who are registered on the network but do not have a role or capability in any sites
- Frequently getting attacks on admin-ajax.php, wp-cron.php, xmlrpc.php and wp-login.php
- Multisite User Sync Question about blog authorship
- How to get WordPress to send Password Reset Link Email instead of New Password?
- Preferred method of setting user role only works on Main Site in Network
- Good way to block users within a multisite setup without deleting them?
- Verifying that I have fully removed a WordPress hack?
- Large Session Tokens
- How to change permissions of WordPress and/or apache on macOS securely?
- Using an Encryption class in a WordPress Plugin
- single sign on for wordpress multi site
- Limit Login Attempts BEFORE PHP is executed?
- Which Versions of WordPress Ship with the Patched TimThumb?
- Safe to say WordPress security releases don’t have database upgrades
- Use global variables or function that returns said variables for site-wide private-ish WP settings?
- fail2ban to prevent Brute Force Attacks on WordPress?
- Use Google authentication for pages within a website [closed]
- How to give the same error message when the wrong password or wrong username is used?
- should I escape a literal url added in functions.php
- Moving wp-config.php outside root folder where we have multiple wordpress websites for enhanced security [duplicate]
- Adding Security Keys?
- How might I sanitize an XML file before WP Import? (Does wordpress verify or clean text when importing from an XML document? )
- Secret keys in SCM
- Secure Server after configuration
- Uploading attachment (pdf) and prevent download for anonymous user
- After limiting the access to my wp-login.php by IP through .htaccess, all my password-protected posts stopped working. What’s the best solution now?
- Specific Page/Post Need to Stay Non SSL
- WordPress API – sign-up to multiple Multisites from one single form
- Block JSON access over the net
- Can someone do something to my website if I posted a snapped image of the header and covered my logo? (On reddit, when explaining a question)
- The in-famous Unable to locate WordPress Content directory (wp-content) and the Direct Method
- Security: AWS (shared hosting) claims template file malicious
- How to check whether a site has been compromised without browsing into it?
- My site thinks it’s secure when it is fact not
- Is it possible to only have the admin interface bind to the local loopback?
- PHP Code Sniffer – WordPress VIP Coding Standards
- Trying to understand nature of hacking
- Best way to convert two single WordPress sites into Multisite network with shared user base
- Default installation permissions for wp-config.php
- Correct setup to block file modifications from hackers
- Is my WP site being hacked?
- How do you search for backdoors from the previous IT person?
- Possible to change email address in keypair?
- Why is SSH password authentication a security risk?
- Is wp-cron.php vulnerable to external attacks and how to protect it?
- How to address security vulnerabilities: LUCKY13, BEAST, and BREACH