Large Dedicated Server Project

Hello,

I am planning to sell ALOT of websites tomorrow if everything goes to plan. I literally want 1,000 or more over the next month. I have heard horror stories about Multisite due to the fact that if one person gets hacked everyone gets hacked. How can I manage 1,000s of websites easily (tech support etc) and protect everyone from each other and their code xyz... I want to host small business websites and have each person purchase their own SSL. What set up would you suggest to do this? I would like to be able to quickly and easily access their sites to support, upgrade and manage their sites while they still have access to 'do it yourself' by adding their own content. Should each person have their own Wordperss install? Any and all advice is greatly appreciated. Thank you in advance and Happy Holidays!

  • Sajid

    Hello Titus,
    Hope you are doing good today :slight_smile:

    Yes, its correct that WordPress MultiSites shares the same database and codebase and in case one site get hacked the whole network will be effected.

    However, no system is 100% secure. In WordPress what you can do is harden your website to make sure your site is protected and secure.

    For this purpose, you can use our WP Defender plugin. It has automatic scan and audit logging. Auto scan will scan your site and send you reports about your site. Where as audit logging will keep you inform what is happening where and who is doing what on your network.

    When it comes to Top Level Domains (TLD) you can use our Domain Mapping plugin to map the subdomian/subsite with a TLD. This plugin also support SSL and works well out of the box. However, you would have to configure SSL for each domain yourself on your cPanel/hosting.

    You can also use our Pro Sites plugin to sell sites to your customers right from your WordPress dashboard.

    On WordPress MultiSites, each site will have its own content and media so no one else on the network except supper admin can see those.

    To provide technical support to your clients, you can use our Support System plugin to provide on Dashboard support to each customer/site owner.

    Since we are pioneer of WordPress MultiSites (WPMU) and have extensive collection of MultiSites specific plugins as well second largest WordPress MultiSites network (http://edublogs.org/), we will recommend you using WordPress MultiSites.

    In case, you are going to manage billing and sale of your site somewhere else. Then you can go with WordPress single sites.

    To manage all sites under one account, install WPMU DEV Dashboard plugin on each site. This way, all your sites will be connected with your WPMU DEV account and can be updated in The Hub.

    Hope that helps! Feel free to post a reply if you need further assistance :slight_smile:

    Best Regards,
    Sajid

  • Titus

    Thank you for the reply!

    Wordpress Defender:
    How does the plugin notify me of suspicious activity?

    What steps are taken when the suspicious activity is idenyified?

    How quickly do I have to react and what do I have to do in the moment to stop the activity and prevent it from happening again?

    What happens to the attackers?

    How do I restore a system that large after an attack?

    How do I have back ups of that much Wordpress information for every person so that they don't lose anything?

    What website user activity and coding needs to be banned?

    What do I need to verify in a theme and plugins to know that is safe to put on the Multisite?

    Could I install a separate Wordpress per site and still use the WPMU Dashboard to access each client?

    What are the disadvantages of a single/separate Wordpress install per site?

    How do WooCommerce licenses work on a multisite install vs a single site install? Would a Woo Commerce plugin/extension license count as one install on a Multisite?

  • Sajid

    Hello Titus,
    Hope you are doing good today :slight_smile:

    How does the plugin notify me of suspicious activity?

    It will scan on the scheduled period and send you an email report afterwards.

    What steps are taken when the suspicious activity is idenyified?

    If you are using Defender and it reports a suspicious file/code on your site. It will give you three options, one delete that file completely, restore (if its core file), or ignore (false alarm).

    How quickly do I have to react and what do I have to do in the moment to stop the activity and prevent it from happening again?

    As quickly as you can. When you will have notification, then you may get recommended steps by Defender plugin.

    To stop, the happening again, it really depends what type of that attack is. For instance, you can lock the IP address(s).

    What happens to the attackers?

    On your end, what you can do is lock the IP or range of IP address(s) to prevent accessing of your website from those IP addresses.

    Well, if you can trace the person behind the attack. You can bring into court under cyber crime act (depends upon countries). By the way, its extremely hard to trace who were behind the attacks.

    How do I restore a system that large after an attack?

    How do I have back ups of that much Wordpress information for every person so that they don't lose anything?

    You can use a plugin like Snapshot Pro and schedule backups of your site. It also have managed backup option to backup and restore everything on a network including files and data.

    You can store your backup on our secure cloud servers via Managed Backups.

    Snapshot also have third party integration like Amazon S3, Dropbox, SFTP and Google Drive. So your backup archives can also be store their automatically right after the backup process is finished.

    The restore process is really easy, if its Local or WPMU DEV managed backups then you can restore with one click of a button.

    Go to Snapshot -> All Snapshots -> Select the snapshot you want to restore and click on restore button.

    For Managed Backup, go to Snapshot -> Managed Backups and click on the restore button to restore.

    If you have uploaded on a third party service like Amazon S3, Dropbox, SFTP and Google Drive. Then go to Snapshot -> Import, input the link of the backup archive and click on Scan and Import Snapshots.

    Alternatively, you can restore manually by uploading the backup archive to wp-content/uploads/snapshots and then clicking on Scan and Import Snapshots button. This will automatically add that backup in Snapshot -> All Snapshots from where you can restore with the click of a button.

    What website user activity and coding needs to be banned?

    It really depends upon your Terms and Conditions. Audit logging will just tell you which user is doing what, when and where.

    For example, some times you don't want your users to upload code based files. So you can warn them (no option to ban within Defender plugin at the moment but its a good idea).

    What do I need to verify in a theme and plugins to know that is safe to put on the Multisite?

    You don't need to verify that. Defender plugin have its own algorithm according to what it scan, detects and report if it found something suspicious.

    Could I install a separate Wordpress per site and still use the WPMU Dashboard to access each client?

    Yes, of course, you can install WPMU DEV Dashboard plugin including other plugins mentioned above (except Domain Mapping and Pro Sites) on your single WordPress site.

    And yes, you can manage those individual sites in The Hub too.

    What are the disadvantages of a single/separate Wordpress install per site?

    The biggest disadvantage will be managing each site individually in separate dashboard.

    Where as, in WordPress MultiSites, you can manage thousands of site under one dashboard.

    How do WooCommerce licenses work on a multisite install vs a single site install? Would a Woo Commerce plugin/extension license count as one install on a Multisite?

    Most licences, works per domain basis instead of per sites. That means, one licence can work on all of your sites and get updates/support for your main domain.

    Since, all sites shares the same code base, then once you will update the plugin on one site it will be updated through out sites.

    What are the biggest security mistakes that people make when they have a Multisite?

    As mentioned in my first reply, no system or method is hundred percent secure.

    You have to harden your sites (once you will install Defender plugin, it will guide you through the process).

    Keep WordPress, plugins and themes up-to-date.

    Schedule backups so you can restore, in case some thing goes wrong.

    In addition to that, we have at early stages in planing of our MultiSites Hosting service.

    Who is this service for?
    Companies, non-profits, WordPress agencies, and government organizations of all types and sizes that want enterprise level hosting and services. We offer a unique out-of-the-box solution where we handle all the heavy lifting of hosting, security, backups, support, and upgrades, so you can focus purely on content.

    If you are curios then read more here and feel free to get in touch with our staff to discuss this further.

    In future, please always start separate thread for each question, according to our forum posting rules.

    Take care and have a nice day :slight_smile:

    Best Regards,
    Sajid

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.