WordPress Multisite is a native WordPress feature that allows you to create and manage multiple WordPress sites off a single installation and dashboard. Depending on your project needs, you can set up WP Multisite as subdirectories, subdomains, or multiple domains.
With so many options available, many users ask how to properly install an SSL certificate on WordPress Multisite? This guide will walk you through each configuration method and show you how to secure your Multisite installation. Before we begin, let’s list some pros and cons of WP Multisite, so you know exactly whether it’s something you need or not.
The Pros of WordPress Multisite
- You can build a multilingual website and manage all the language versions via multisite and supporting plugins
- You can manage all the websites from the same dashboard via a single super-admin user
- Themes and plugins need to be installed and activated only once across the entire network. The same goes for the updates.
- Users can run their blogs on your network
- You can monetize your network by offering hosting space.
The Cons of WordPress Multisite
- Not all plugins are compatible with Multisite
- Individual site admins can’t install and uninstall plugins and themes
- Downtime on your server will affect the entire network
- If one site within the network experiences a spike in traffic, the loading speed of other sites may decrease
- Hosting needs will increase if you intend to add a significant number of sites. Shared hosting may not be enough.
Now that you know the pros and cons of a multisite installation, let’s talk about securing it with an SSL certificate. Today, SSL encryption is all but mandatory for all types of sites, regardless of niche and complexity. Whether it’s a small blog or a massive e-commerce store, you have no choice but to install an SSL certificate on your server. Fail to do so, and popular browsers such as Chrome and Firefox will flag your website as not secure.
When it comes to WordPress Multisite, the type of SSL certificate you need will depend on your configuration. Let’s take a closer look at each possible setup and ways you can secure your network of multiple sites.
Multisite as subdirectories
In simple terms, a subdirectory, also known as a subfolder, is a path within a domain used to categorize the content. Here are a few examples of subdirectories:
To secure subdirectories within a multisite network, all you need is a regular SSL certificate. If you’ve already transitioned to HTTPS, you don’t have to do anything because all your subdirectories automatically transfer to HTTPS. You can pick an SSL certificate of your liking, or use our highly accurate SSL Wizard to find a suitable cert for your project and budget.
Multisite as subdomains
A subdomain is a domain that is part of the root domain. Subdomains are a great way to organize different sections of your site. Example of subdomains:
If you manage multiple subdomains via WP multisite, then a Wildcard SSL certificate is the perfect solution. Wildcard certs secure unlimited domains along with the main domain, all under a single installation. Best of all, you can add subdomains whenever you need without reissuing your certificate since these will be automatically covered by the SSL.
Multisite as different domains
If you want all your subsites to use a custom domain of their own you have to map your domains first. With multisite domain mapping, you can configure a site such as blog.yoursite.com to show as yoursite.com. Best of all, this also works for subdirectories sites, so yoursite.com/blog can also display as yoursite.com.
Once you’ve mapped your domains, you need to encrypt them, and there isn’t a better option than a multi-domain SSL certificate. With a multi-domain cert, you can secure one to three domains by default, and up to 250 additional SANs (Subject Alternative Names) on request.
With one-time installation and renewal, multi-domain SSL saves you precious time and money. Please note that you may need to use SNI (Server Name Indication) which can secure multiple Sites using a single SSL certificate.
Enable HTTPS on Multisite Network
After you’ve installed the SSL certificate on your server, you need to force HTTPS across all your Multisite network. Before you begin, we highly recommend to back up the data on the WordPress site. Here are the steps to activate HTTPS on a Multisite network:
- Open the Network Admin dashboard and click on settings
- Navigate to Domain mapping option and scroll down until you find Force HTTP/HTTPS
- Select Yes under Would you like to force https in login and admin pages
- Select Force https under Would you like to force http/https in front-end pages
After you encrypt your main domain, it’s time to secure your user’s sites. Scroll further down in the Settings’ page until the Enable excluded/forced urls option comes up. Here you can permit your users (admins) to exclude pages from mapping and use your SSL certificate on their sites.
Congrats! Now your users can browse admin dashboard>>Tools>>Domain mapping and add the domain names they want to secure without buying a separate SSL certificate.