This is really a short note but may require some thinking when one run into it… so there you go.
Let me start by saying that I do have strong preference sub domain based WordPress Network instance over sub-folder.
In my opinion it is easier to maintain, and allow to manage stronger security.
Ok, “what is the problem?”, you ask.
Let’s say you have setup your blog as sub-domain to your main site. It may be the same machine or different instance altogether.
You run it for a while and there come time when you decided you want to host second blog and want to share the same WordPress instance.
Multi site support in WordPress is for a while and it is easy to setup and easy to maintain.
For most part that is it – simply follow these steps.
But there is a catch, if you run blog on the sub-domain, network setup wizard would warn you that you cannot enable network using sub-domain.
Not a problem – modify your wp-config.php by adding the following lines
/* Multisite */ define( 'WP_ALLOW_MULTISITE', true ); /* Multisite */ define('MULTISITE', true); define('SUBDOMAIN_INSTALL', true); define('DOMAIN_CURRENT_SITE', '<your-domain-name>'); define('PATH_CURRENT_SITE', '/'); define('SITE_ID_CURRENT_SITE', 1); define('BLOG_ID_CURRENT_SITE', 1);
Now you can logoff and log back in and you should be able to create new sit using different sub-domain.
This is not all – what you will most likely run into is inability to use the same users across both sites.
Note: It is important to understand that by using the same names across multiple sites you may slightly reduce your security protection.
So make sure that you are:
- Keep your Network instance up to date with updates
- Using Security plugin like iThemes Security
- Change admin user to something other than “admin”
- Protect site from brute force attacks
What could happen is that when trying login to second site or switch between sites from Admin panel you would get message that your browser does not support cookies or you will not be able navigate to second site’s Dashboard.
What is the problem? Problem is how WordPress maintains user session using cookies.
To fix it add one more line into your wp-config.php file
define( 'COOKIE_DOMAIN', $_SERVER[ 'HTTP_HOST' ] );
Now you should be all set