Ensuring Theme Compatibility with Multisite Blogs

In preparation for launching my blog network, I'm trying to expand my library of available themes beyond the many great themes available on WPMU Dev. I've been able to figure out a strategy for tackling some of the security concerns related to theme options that might allow users to insert unfiltered code (thanks Phil), but I'm curious about general compatibility issues. In a nutshell, I'm not sure exactly what makes a theme multisite compatible (or not).

Are all themes assumed to be compatible due to the inherent design of WordPress 3.x? If not, are there particular lines of code that need to be present to ensure compatibility?

In the event that compatibility can only be determined through rigorous testing, could you provide a list of use cases/scenarios that I should be testing?

Thanks

    DavidM

    Hi nycwebworks,

    Ultimately the best thing to do to find out if a theme will work well on multisite is to check with the developers. They'd be the the best resource for that, bar none.

    A couple things to consider though is whether a theme stores its options in a way that sub-sites can have different settings (get_option() ). This holds true for plugins as well.

    Also, some themes use a folder for image uploads that either won't work on multisite or won't allow for sites to have different images.

    As a general way to find out if a theme supports multisite, the inclusion of the conditional is_multisite() is a good pointer!

    Perhaps others around here have some insight on this too though. Anyone?

    wpcdn

    There are previous threads on this, in which it's mentioned which provider's themes generally work on multisite, and what some of the pitfalls are.

    In summary, you'll want to remove things like links to the theme support forums. And, as for places where users can insert unfiltered code, that can vary from theme to theme. For example, a theme might include a "Welcome Message" that might allow JavaScript and other code. We simply test by dropping in code and seeing if it executes (e.g., "Good Morning"/"Good Evening"), and we inspect the theme code if necessary. For each one of those places, we sanitize it to strip anything but allowed HTML.

    Some themes seem to already be pretty well sanitized, for example Elegant Themes. Another clean one is StudioPress, which doesn't generally include those kinds of fields.

    Hope this helps.

    Mark