Multisite Registration Security

As I build out and try new sites on my multisite network I am starting to run into a problem, securing all the different login and registration methods of each site. the main site has both the default login page and a buddypress registration page. Another site is using bbpress. Another might use a different method. How do I keep all this login/registration activity in one place with one recaptcha or honeypot while also keeping users within their respective sites? If I redirect a subsite user to the default login, then they will end up on a different site from where they started. Buddypress forces registration through its own page, no option to redirect to a single login. My head is spinning, all these different ways to register and login seem counterproductive to how multisite works, a consolidated user base. With all the different login methods, I feel like security is going to be a big problem, the site feels like swiss cheese with lots of holes.

I guess my question is, what is the standard secure solution to working with multisite user accounts and subsites?

  • Ash
    • WordPress Hacker

    Hello Mike D

    In spite of the term is multisite, it shares the same user table in the database. So, there are two ways I can think of:

    1. Use a centralized system, redirect all registration to the main site and use a plugin so that every registered users are users of each subsite. That way, the user won't end up as a user of main site only. You can do so using this plugin: https://wordpress.org/plugins/multisite-user-management/

    2. Or, you can use site specific registration system. But then, you can't network enable buddypress and bbpress. That has to be enabled on per site. There is another plugin that helps with site specific login: https://github.com/Ipstenu/join-my-multisite

    Hope it helps! Have a nice day :slight_smile:

    Cheers,
    Ash

  • Mike D
    • The Bug Hunter

    1. Use a centralized system, redirect all registration to the main site

    What system is that? The plugin that you linked to is over 4 years old, I definitely wont be trying that. I am really surprised you multisite masters do not have a centralized 'system' or plugin or best practices guide for multisite registration management.

    2. Or, you can use site specific registration system.

    Well that is the problem I am trying to avoid. If each subsite administrator sets up their own registration method, they will be creating security holes because they could be allowing insecure access to the centralized user list. Ive tried the Ipstenu plugin before, it.. ok. But it looks abandoned also.

  • Ash
    • WordPress Hacker

    Hello Mike D

    What system is that? The plugin that you linked to is over 4 years old, I definitely wont be trying that. I am really surprised you multisite masters do not have a centralized 'system' or plugin or best practices guide for multisite registration management.

    The plugin is old but still it's functional. This plugin consists just one file and a few lines of code which doesn't need to update, that's why it's not updated I guess. I am still using this plugin in one of my sites and works great there.

    I am now aware of any other plugin that does the same job. This is because, people who use centralize registration system, use a custom developed system as they may have other requirements as well. In most of the network, subsite admins handle their own registration system.

    However, saying a centralized registration system I meant is to have a registration form on the main site. You can do so using any front end regsitration plugin. So, once an user is registered, he will be added to all subsites.

    I know you don't trust an old plugin. but would you please give it a try at least, maybe on a test site if you have any, just to check if it serves your purpose?

    Let us know how it goes. Have a nice day!

    Cheers,
    Ash

  • Mike D
    • The Bug Hunter

    I know you don't trust an old plugin. but would you please give it a try at least, maybe on a test site if you have any, just to check if it serves your purpose?

    Ok Ash, I did it for you my friend. So far it looks good. Thank you.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.