Post ID: 1049
Title: Multi-Site Network Configuration
Slug: multi-site-network-configuration
Publication Date: 2024-12-20
Author: Admin
Status: Published
Comment Status: Open
Excerpt: Deploy Attributes User Access across WordPress multisite networks.
Category
- Primary: Tutorials (7)
Tags
- Tutorials (137)
- Configuration (109)
- Pro Version (119)
Overview
WordPress multisite networks require centralized user management with site-specific permissions. This tutorial demonstrates how to deploy Attributes User Access Pro across a multisite network, implementing cross-site single sign-on, network-wide security policies, and unified audit logging while maintaining site-level customization.
Network Features You’ll Implement
- Network-wide plugin activation
- Centralized user authentication
- Cross-site single sign-on (SSO)
- Network-level security policies
- Site-specific role assignments
- Unified audit logging across all sites
- Per-site customization options
Step 1: Network Activation
Activate the plugin across your entire network.
Network-Wide Activation
1. Log in to Network Admin dashboard
- Navigate to Plugins > Installed Plugins
- Find "Attributes User Access Pro"
- Click "Network Activate"
- Wait for confirmation message
Configure Network Settings
Navigate to Network Admin > Settings > Attributes Access:
Network Configuration:
✓ Enable Network-Wide Features
✓ Centralized License Management
✓ Unified User Database
✓ Cross-Site Session Management
License Settings:
License Key: [Your multisite license]
Sites Covered: Unlimited (multisite license)
Status: Active across all sites
Step 2: Network-Wide Security Policies
Establish security standards that apply to all sites.
Global Password Policies
Navigate to Network Admin > Attributes Access > Security:
Password Policy (All Sites):
Minimum Length: 12 characters
Complexity Requirements:
✓ Uppercase letters
✓ Lowercase letters
✓ Numbers
✓ Special characters
Password Expiration: 90 days
Password History: Prevent reuse of last 10
Apply to: All user roles network-wide
Override: Site admins cannot disable
Network-Wide 2FA Requirements
Two-Factor Authentication:
✓ Enforce 2FA Network-Wide
Require for: Administrators, Editors
Grace Period: 7 days for enrollment
Methods: Email, Authenticator App
Backup Codes: Yes (10 per user)
Remember Device: 30 days
Site-Level Override: No
All sites must comply with network policy
Centralized IP Management
IP Security (Network Level):
Blacklist (Network-Wide):
- Known malicious IPs
- Suspicious proxy servers
- High-risk countries (optional)
Whitelist (Network-Wide):
- Corporate office IPs
- VPN endpoints
- Verified partner organizations
Site-Specific Rules: Allowed
Sites can add additional restrictions but cannot remove network rules
Step 3: Cross-Site Role Management
Configure roles that work across the network.
Global Network Roles
| Role | Access | Capabilities |
|---|---|---|
| Network Administrator | All sites | Manage network settings, all site admin access |
| Network Editor | Assigned sites | Edit content on assigned sites only |
| Network Author | Assigned sites | Publish posts on assigned sites |
| Network Subscriber | All sites | View content across network |
Site-Specific Role Configuration
Example Configuration:
User: john.doe@company.com
Network Role: Network Editor
Site-Specific Roles:
- Site 1 (Corporate): Administrator
- Site 2 (Marketing): Editor
- Site 3 (Sales): Author
- Site 4 (Support): Subscriber
Access Pattern:
✓ Full admin on Site 1
✓ Content editing on Site 2
✓ Post publishing on Site 3
✓ Read-only on Site 4
Step 4: Configure Cross-Site Single Sign-On
Enable seamless authentication across all network sites.
SSO Configuration
Navigate to Network Admin > Attributes Access > SSO:
Single Sign-On Settings:
✓ Enable Cross-Site SSO
✓ Shared Session Tokens
✓ Unified Login URL: /network-login/
SSO Behavior:
- Login Flow: Login on any site → Access all sites
- Session Sharing: Token valid across entire network
- Auto-Login: Automatic authentication when visiting subsites
- Single Logout: Logout from one site → Logout from all sites
Session Configuration:
- Token Expiration: 12 hours
- Remember Me: 30 days
- Secure Cookies: Yes (HTTPS required)
- Domain: .yournetwork.com (wildcard for all subsites)
Unified Login Page
Create a network-wide login page on your primary site:
<div class="network-login">
<div class="network-logo">
<img src="/network-logo.png" alt="Network Name">
</div>
<h2>Network Sign In</h2>
<p>Access all sites in our network with one login</p>
[attributes_login
network_sso="enabled"
redirect="dashboard"
show_2fa="yes"]
<div class="site-selector">
<h3>Network Sites</h3>
<ul>
<li><a href="https://site1.network.com">Corporate Site</a></li>
<li><a href="https://site2.network.com">Marketing Hub</a></li>
<li><a href="https://site3.network.com">Sales Portal</a></li>
</ul>
</div>
</div>
Step 5: Site-Level Customization
Allow individual sites to customize within network policies.
Per-Site Settings
On individual sites, navigate to Site Admin > Attributes Access:
Site-Specific Settings (Site 1 Example):
Custom Login:
- Custom Login Page: /site1-login/
- Site Logo: site1-logo.png
- Background: site1-bg.jpg
- Custom CSS: site1-login-styles.css
Redirects:
- After Login: /site1-dashboard/
- After Logout: /site1-goodbye/
- Role-Based: Administrators → /site1-admin/
Email Templates:
- Welcome Email: site1-welcome-template
- Password Reset: site1-reset-template
- Custom From Name: "Site 1 Team"
- From Email: noreply@site1.network.com
Step 6: Unified Audit Logging
Track activity across all sites from a central location.
Network-Wide Logging Configuration
Navigate to Network Admin > Attributes Access > Audit Log:
Audit Log Settings:
✓ Enable Network-Wide Logging
Log Retention: 365 days
Storage: Centralized database
Export: Monthly CSV reports
Events Logged:
✓ Cross-site logins
✓ Site switching activity
✓ Role assignments/changes
✓ Security policy violations
✓ Failed authentication attempts
✓ Settings modifications
✓ User account creation/deletion
Access Permissions:
- View Logs: Network Administrators only
- Export Logs: Super Admins only
- Real-Time Alerts: Network Admins, Site Admins (own site)
Network Dashboard Widget
Add to Network Admin dashboard:
<div class="network-security-dashboard">
<h2>Network Security Overview (Last 24 Hours)</h2>
<div class="stats-grid">
<div class="stat-card">
<h3>👥 Active Users</h3>
<strong>[attributes_network_user_count period="24h"]</strong>
</div>
<div class="stat-card">
<h3>🌐 Total Sites</h3>
<strong>[attributes_network_site_count]</strong>
</div>
<div class="stat-card">
<h3>🔒 Security Events</h3>
<strong>[attributes_network_security_events period="24h"]</strong>
</div>
<div class="stat-card alert">
<h3>⚠️ Failed Logins</h3>
<strong>[attributes_network_failed_logins period="24h"]</strong>
</div>
</div>
<div class="recent-activity">
<h3>Recent Network Activity</h3>
[attributes_network_activity_feed limit="20"]
</div>
</div>
Step 7: Testing Your Network Configuration
Network Activation Tests
- Plugin active on all existing sites
- Network settings accessible to super admin
- Per-site settings available to site admins
- License valid across all sites
Single Sign-On Tests
- Login on Site 1, access granted
- Navigate to Site 2, auto-logged in
- Navigate to Site 3, auto-logged in
- Logout from any site, logged out from all
- Session timeout works across sites
Security Policy Tests
- Password policy enforced on all sites
- 2FA required per network policy
- IP blacklist blocks access network-wide
- Site admins cannot disable network policies
Audit Logging Tests
- Cross-site activity tracked
- Network logs accessible to super admin
- CSV export includes all sites
- Log retention policy enforced
Best Practices for Multisite Networks
Network Architecture
- Plan role hierarchy before deployment
- Document site-specific requirements
- Establish clear naming conventions
- Create dedicated network admin team
- Regular network security audits
Security Management
- Enforce 2FA network-wide without exceptions
- Use strong password policies consistently
- Monitor cross-site activity patterns
- Centralize IP management
- Regular policy reviews and updates
User Management
- Centralized user creation workflow
- Clear role assignment process
- Regular permission audits across sites
- Documented offboarding procedures
- Self-service password resets
Performance Optimization
- Enable network-wide object caching
- Use CDN for static assets across sites
- Optimize database queries for multisite
- Monitor individual site load times
- Schedule regular maintenance windows
Troubleshooting Common Issues
Solution: Verify all sites use same parent domain. Check cookie domain setting (.yournetwork.com). Ensure HTTPS on all sites. Clear browser cookies and test again.
Solution: Verify plugin is network-activated. Check site hasn’t been excluded in network settings. Re-save network settings. If persistent, deactivate and reactivate network-wide.
Solution: Check database connectivity from all sites. Verify log storage location accessible. Ensure adequate database permissions for all sites. Review log retention settings.
Expected Results
Successful Network Configuration Provides:
- Centralized Management: Single dashboard for network oversight
- Unified Authentication: Single sign-on across all sites
- Consistent Security: Network-wide policies enforced
- Site Flexibility: Per-site customization within policy limits
- Complete Visibility: Unified audit logging and reporting
Next Steps
Enhance your multisite network:
- Integrate with LDAP/Active Directory for enterprise SSO
- Implement network-wide analytics dashboard
- Create automated site provisioning workflows
- Add network-wide content distribution
- Set up cross-site user groups
- Implement network-level rate limiting
