Multi-Site Network Configuration

Post ID: 1049
Title: Multi-Site Network Configuration
Slug: multi-site-network-configuration
Publication Date: 2024-12-20
Author: Admin
Status: Published
Comment Status: Open
Excerpt: Deploy Attributes User Access across WordPress multisite networks.


Pro Required | Advanced | 60-90 minutes

Overview

WordPress multisite networks require centralized user management with site-specific permissions. This tutorial demonstrates how to deploy Attributes User Access Pro across a multisite network, implementing cross-site single sign-on, network-wide security policies, and unified audit logging while maintaining site-level customization.

Important: This tutorial requires an active WordPress multisite installation and an Attributes User Access Pro license with multisite support.

Network Features You’ll Implement

    • Network-wide plugin activation
    • Centralized user authentication
    • Cross-site single sign-on (SSO)
    • Network-level security policies
    • Site-specific role assignments
    • Unified audit logging across all sites
    • Per-site customization options

Step 1: Network Activation

Activate the plugin across your entire network.

Network-Wide Activation

1. Log in to the Network Admin dashboard
2. Navigate to Plugins > Installed Plugins
3. Find "Attributes User Access Pro"
4. Click "Network Activate"
5. Wait for the confirmation message

Pro Tip: Network activation makes the plugin active on all existing and future sites in your network automatically.

Configure Network Settings

Navigate to Network Admin > Settings > Attributes Access:

Network Configuration:

    ✓ Enable Network-Wide Features
    ✓ Centralized License Management
    ✓ Unified User Database
    ✓ Cross-Site Session Management

License Settings:

    License Key: [Your multisite license]
    Sites Covered: Unlimited (multisite license)
    Status: Active across all sites

Step 2: Network-Wide Security Policies

Establish security standards that apply to all sites.

Global Password Policies

Navigate to Network Admin > Attributes Access > Security:

Password Policy (All Sites):

    Minimum Length: 12 characters
    Complexity Requirements:
      ✓ Uppercase letters
      ✓ Lowercase letters
      ✓ Numbers
      ✓ Special characters

    Password Expiration: 90 days
    Password History: Prevent reuse of last 10
    Apply to: All user roles network-wide
    Override: Site admins cannot disable

Network-Wide 2FA Requirements

Two-Factor Authentication:

    ✓ Enforce 2FA Network-Wide
      Require for: Administrators, Editors
      Grace Period: 7 days for enrollment
      Methods: Email, Authenticator App
      Backup Codes: Yes (10 per user)
      Remember Device: 30 days

    Site-Level Override: No
    All sites must comply with network policy

Centralized IP Management

IP Security (Network Level):

    Blacklist (Network-Wide):
      • Known malicious IPs
      • Suspicious proxy servers
      • High-risk countries (optional)

    Whitelist (Network-Wide):
      • Corporate office IPs
      • VPN endpoints
      • Verified partner organizations

    Site-Specific Rules: Allowed
    Sites can add additional restrictions but cannot remove network rules

Step 3: Cross-Site Role Management

Configure roles that work across the network.

Global Network Roles

| Role                  | Access         | Capabilities                                   |
|-----------------------|----------------|------------------------------------------------|
| Network Administrator | All sites      | Manage network settings, all site admin access |
| Network Editor        | Assigned sites | Edit content on assigned sites only            |
| Network Author        | Assigned sites | Publish posts on assigned sites                |
| Network Subscriber    | All sites      | View content across network                    |

Site-Specific Role Configuration

Example Configuration:

    User: john.doe@company.com

    Network Role: Network Editor
    Site-Specific Roles:
      • Site 1 (Corporate): Administrator
      • Site 2 (Marketing): Editor
      • Site 3 (Sales): Author
      • Site 4 (Support): Subscriber

    Access Pattern:
      ✓ Full admin on Site 1
      ✓ Content editing on Site 2
      ✓ Post publishing on Site 3
      ✓ Read-only on Site 4

Step 4: Configure Cross-Site Single Sign-On

Enable seamless authentication across all network sites.

SSO Configuration

Navigate to Network Admin > Attributes Access > SSO:

Single Sign-On Settings:

    ✓ Enable Cross-Site SSO
    ✓ Shared Session Tokens
    ✓ Unified Login URL: /network-login/

    SSO Behavior:
      • Login Flow: Login on any site → Access all sites
      • Session Sharing: Token valid across entire network
      • Auto-Login: Automatic authentication when visiting subsites
      • Single Logout: Logout from one site → Logout from all sites

    Session Configuration:
      • Token Expiration: 12 hours
      • Remember Me: 30 days
      • Secure Cookies: Yes (HTTPS required)
      • Domain: .yournetwork.com (wildcard for all subsites)

Unified Login Page

Create a network-wide login page on your primary site:

    <div class="network-login">
      <div class="network-logo">
        <img src="/network-logo.png" alt="Network Name">
      </div>

      <h2>Network Sign In</h2>
      <p>Access all sites in our network with one login</p>

      [attributes_login 
        network_sso="enabled"
        redirect="dashboard"
        show_2fa="yes"]

      <div class="site-selector">
        <h3>Network Sites</h3>
        <ul>
          <li><a href="https://site1.network.com">Corporate Site</a></li>
          <li><a href="https://site2.network.com">Marketing Hub</a></li>
          <li><a href="https://site3.network.com">Sales Portal</a></li>
        </ul>
      </div>
    </div>

Step 5: Site-Level Customization

Allow individual sites to customize within network policies.

Per-Site Settings

On individual sites, navigate to Site Admin > Attributes Access:

Site-Specific Settings (Site 1 Example):

    Custom Login:
      • Custom Login Page: /site1-login/
      • Site Logo: site1-logo.png
      • Background: site1-bg.jpg
      • Custom CSS: site1-login-styles.css

    Redirects:
      • After Login: /site1-dashboard/
      • After Logout: /site1-goodbye/
      • Role-Based: Administrators → /site1-admin/

    Email Templates:
      • Welcome Email: site1-welcome-template
      • Password Reset: site1-reset-template
      • Custom From Name: "Site 1 Team"
      • From Email: noreply@site1.network.com

Note: Site-level settings cannot override network security policies. Security policies (password rules, 2FA, IP blacklists) remain enforced network-wide.

Step 6: Unified Audit Logging

Track activity across all sites from a central location.

Network-Wide Logging Configuration

Navigate to Network Admin > Attributes Access > Audit Log:

Audit Log Settings:

    ✓ Enable Network-Wide Logging
      Log Retention: 365 days
      Storage: Centralized database
      Export: Monthly CSV reports

    Events Logged:
      ✓ Cross-site logins
      ✓ Site switching activity
      ✓ Role assignments/changes
      ✓ Security policy violations
      ✓ Failed authentication attempts
      ✓ Settings modifications
      ✓ User account creation/deletion

    Access Permissions:
      • View Logs: Network Administrators only
      • Export Logs: Super Admins only
      • Real-Time Alerts: Network Admins, Site Admins (own site)
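
As an added example (not part of the plugin or the original tutorial), the script below runs one detection over a unified export: source IPs whose failed logins span several sites in a short window, a pattern no single site's log shows. The CSV column names, event labels and sample rows are assumptions constructed for illustration; the page does not document the export layout.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export. Column names and event labels are assumptions;
# adjust them to match the real CSV report.
SAMPLE_CSV = """timestamp,site,user,ip,event
2024-12-20T09:00:05,site1,john.doe,203.0.113.7,login_failed
2024-12-20T09:00:40,site2,john.doe,203.0.113.7,login_failed
2024-12-20T09:01:10,site3,jane.roe,203.0.113.7,login_failed
2024-12-20T09:01:30,site3,jane.roe,203.0.113.7,login_success
2024-12-20T09:02:00,site1,amy.lee,198.51.100.20,login_failed
2024-12-20T11:30:00,site2,amy.lee,198.51.100.20,login_failed
"""

def cross_site_failures(csv_text, min_sites=3, window=timedelta(minutes=10)):
    """Return {ip: sorted sites} for IPs whose failed logins reach at least
    min_sites distinct sites inside one sliding time window."""
    by_ip = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["event"] == "login_failed":
            when = datetime.fromisoformat(row["timestamp"])
            by_ip[row["ip"]].append((when, row["site"]))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Shrink the window from the left until it spans <= `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            sites = {site for _, site in events[start:end + 1]}
            if len(sites) >= min_sites:
                flagged[ip] = sorted(sites)
                break
    return flagged

def successes_from_flagged(csv_text, flagged):
    """List (ip, user, site) for successful logins coming from flagged IPs."""
    return [(r["ip"], r["user"], r["site"])
            for r in csv.DictReader(io.StringIO(csv_text))
            if r["event"] == "login_success" and r["ip"] in flagged]

if __name__ == "__main__":
    hits = cross_site_failures(SAMPLE_CSV)
    print(hits)
    print(successes_from_flagged(SAMPLE_CSV, hits))
```

Because cross-site SSO turns one successful login into access on every site, a success from a flagged IP is the row to triage first.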

Network Dashboard Widget

Add to Network Admin dashboard:

    <div class="network-security-dashboard">
      <h2>Network Security Overview (Last 24 Hours)</h2>

      <div class="stats-grid">
        <div class="stat-card">
          <h3>👥 Active Users</h3>
          <strong>[attributes_network_user_count period="24h"]</strong>
        </div>

        <div class="stat-card">
          <h3>🌐 Total Sites</h3>
          <strong>[attributes_network_site_count]</strong>
        </div>

        <div class="stat-card">
          <h3>🔒 Security Events</h3>
          <strong>[attributes_network_security_events period="24h"]</strong>
        </div>

        <div class="stat-card alert">
          <h3>⚠️ Failed Logins</h3>
          <strong>[attributes_network_failed_logins period="24h"]</strong>
        </div>
      </div>

      <div class="recent-activity">
        <h3>Recent Network Activity</h3>
        [attributes_network_activity_feed limit="20"]
      </div>
    </div>

Step 7: Testing Your Network Configuration

Network Activation Tests

    • Plugin active on all existing sites
    • Network settings accessible to super admin
    • Per-site settings available to site admins
    • License valid across all sites

Single Sign-On Tests

    • Login on Site 1, access granted
    • Navigate to Site 2, auto-logged in
    • Navigate to Site 3, auto-logged in
    • Logout from any site, logged out from all
    • Session timeout works across sites

Security Policy Tests

    • Password policy enforced on all sites
    • 2FA required per network policy
    • IP blacklist blocks access network-wide
    • Site admins cannot disable network policies

Audit Logging Tests

    • Cross-site activity tracked
    • Network logs accessible to super admin
    • CSV export includes all sites
    • Log retention policy enforced

Best Practices for Multisite Networks

Network Architecture

    • Plan role hierarchy before deployment
    • Document site-specific requirements
    • Establish clear naming conventions
    • Create dedicated network admin team
    • Regular network security audits

Security Management

    • Enforce 2FA network-wide without exceptions
    • Use strong password policies consistently
    • Monitor cross-site activity patterns
    • Centralize IP management
    • Regular policy reviews and updates

User Management

    • Centralized user creation workflow
    • Clear role assignment process
    • Regular permission audits across sites
    • Documented offboarding procedures
    • Self-service password resets

Performance Optimization

    • Enable network-wide object caching
    • Use CDN for static assets across sites
    • Optimize database queries for multisite
    • Monitor individual site load times
    • Schedule regular maintenance windows

Troubleshooting Common Issues

Issue: SSO not working between sites

Solution: Verify that all sites use the same parent domain. Check the cookie domain setting (.yournetwork.com). Ensure HTTPS is enabled on all sites. Clear browser cookies and test again.
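
The checks in this solution (shared parent domain, cookie domain setting, HTTPS) can be scripted. The following is an added example, not code from the plugin or the original tutorial: the cookie name sso_token and the sample hosts and headers are constructed, and site1.network.com is the host used in the login-page snippet from Step 4.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

COOKIE_DOMAIN = ".yournetwork.com"  # Domain value from the SSO settings

def domain_match(host, cookie_domain):
    """RFC 6265 domain-match: host is the cookie domain or a subdomain of it."""
    base = cookie_domain.lstrip(".").lower()
    host = host.lower().rstrip(".")
    return host == base or host.endswith("." + base)

def check_site(url, cookie_domain=COOKIE_DOMAIN):
    """Return the reasons a browser would withhold the SSO cookie from a site."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append("not HTTPS, so a Secure cookie is never sent")
    if not domain_match(parts.hostname or "", cookie_domain):
        problems.append("host is outside cookie domain " + cookie_domain)
    return problems

def check_set_cookie(header_value, cookie_domain=COOKIE_DOMAIN):
    """Check one Set-Cookie header value against the Secure and Domain settings."""
    jar = SimpleCookie()
    jar.load(header_value)
    problems = []
    for name, morsel in jar.items():
        if not morsel["secure"]:
            problems.append(name + ": Secure attribute missing")
        got = morsel["domain"].lstrip(".").lower()
        if got != cookie_domain.lstrip(".").lower():
            problems.append(name + ": Domain is " + (got or "unset (host-only)"))
    return problems

# Constructed sample inputs; the cookie name sso_token is hypothetical.
SITES = [
    "https://site1.yournetwork.com",
    "http://site2.yournetwork.com",   # plain HTTP
    "https://site1.network.com",      # host from the login-page snippet
    "https://notyournetwork.com",     # shares a suffix but is not a subdomain
]
HEADERS = [
    "sso_token=abc; Domain=.yournetwork.com; Path=/; Secure",
    "sso_token=abc; Path=/",          # host-only and not Secure
]

if __name__ == "__main__":
    for url in SITES:
        print(url, check_site(url) or "ok")
    for header in HEADERS:
        print(header, check_set_cookie(header) or "ok")
```

A cookie scoped to the parent domain is sent to every host under that domain, so the site list passed to the check should include every subdomain that resolves, not only the WordPress sites.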

Issue: Network policies not applying to specific site

Solution: Verify that the plugin is network-activated. Check that the site hasn’t been excluded in network settings. Re-save network settings. If the problem persists, deactivate and reactivate network-wide.

Issue: Audit logs not capturing all sites

Solution: Check database connectivity from all sites. Verify that the log storage location is accessible. Ensure adequate database permissions for all sites. Review log retention settings.

Expected Results

Successful Network Configuration Provides:

    • Centralized Management: Single dashboard for network oversight
    • Unified Authentication: Single sign-on across all sites
    • Consistent Security: Network-wide policies enforced
    • Site Flexibility: Per-site customization within policy limits
    • Complete Visibility: Unified audit logging and reporting

Next Steps

Enhance your multisite network:

    • Integrate with LDAP/Active Directory for enterprise SSO
    • Implement network-wide analytics dashboard
    • Create automated site provisioning workflows
    • Add network-wide content distribution
    • Set up cross-site user groups
    • Implement network-level rate limiting