An insecurity within just one of those websites could put the entire network in danger.<\/p>\n
Abiding by WordPress security best practices<\/a> is a good place to start, but it might not be enough. If you\u2019re running a network of WordPress sites all from one place, then this post is for you.<\/p>\n I\u2019m going to briefly cover who these cross-site contamination concerns pertain to and then give you a special checklist of tips to use when running a network of websites.<\/p>\n Let\u2019s face it: hackers are needing to get more creative about how they crack into websites these days.<\/p>\n WordPress may be an easy target because of its popularity, but it\u2019s not an easy platform to break into if the people who build and manage websites abide by security best practices.<\/p>\n Of course, that logic starts to waver a bit when the number of websites on your network increases.<\/p>\n Here are some of ways in which you might consolidate your web properties, unintentionally putting them at risk for cross-site contamination:<\/p>\n You\u2019ve created a Multisite network<\/a> within WordPress.<\/p>\n While it\u2019s a great feature for web developers who want to easily manage a network of sites all from one WordPress installation, this also means that one bad apple could easily poison the whole batch.<\/p>\n In essence, with all these shared resources, files, plugins, logins, and so on stored in the same place, this increases the risk that one website harmed could lead to all sites on the network being compromised.<\/p>\n The same goes for websites that share a hosting account (not necessarily those on<\/em> shared hosting; just those that share one account).<\/p>\n All it takes is one website that\u2019s not properly secured (through a bad plugin or a weak password) and hackers can wreak havoc through the entire network of sites.<\/p>\n There are a number of parties who could potentially be affected by this:<\/p>\n Web developers who sell hosting either as a full-time or side gig may find this to be a lucrative way to make extra money with WordPress.<\/p>\n That said, if you don\u2019t accurately configure your hosting platform<\/a>, you could put all your clients\u2019 sites at risk in the process.<\/p>\n I can\u2019t stress this enough: all it takes is one website to get infected to take down your entire network.<\/p>\n Imagine how devastating that would be to your business.<\/p>\n You assured clients that you\u2019d take care of their website and you honestly believed that everything would be okay.<\/p>\n But you left a seemingly harmless staging site unattended or you trusted that your hosting clients would properly secure their individual sites\u2026 and something went wrong. So, now what?<\/p>\n Well, you need to not<\/em> wait until the \u201cnow\u201d.<\/p>\n You need to take action now to properly secure your network of WordPress sites from cross-site contaminations.<\/p>\n Obviously, this checklist is not meant to replace the WordPress security checklist<\/a> you already work off of. Those tips hold true whether you\u2019re running one WordPress site or an entire network.<\/p>\n The following checklist, however, should be added to that list if you intend on managing a network of websites.<\/p>\n The whole point in bringing together various websites into a single shared hosting account or WordPress Multisite is so you can more conveniently and effectively manage them all at once.<\/p>\n Nevertheless, those websites are still unique web properties that need to be treated as such.<\/p>\n So, rather than assume that the security procedures used by your hosting provider are enough, use a security scanning plugin for every single one<\/em> of your WordPress sites.<\/p>\n Defender<\/a>, of course, does a great job of regularly scanning your site, enforcing stringent security practices, and documenting all activity, so I\u2019d suggest starting there.<\/p>\n You know that when you sign up with a trusted hosting source they usually tout the secure firewall placed on their servers to keep intruders out.<\/p>\n However, if you\u2019re running your WordPress sites from the same hosting account, that means your network is secured by only one firewall and that there is no separate barrier standing between each of your sites.<\/p>\n Since this is why cross-contaminations happen, it\u2019s important to add a firewall to every website.\u00a0Cloudflare<\/a> have you covered in this department.<\/p>\n Their web application firewall\u00a0comes with built-in rulesets, including rules that mitigate WordPress specific threats and vulnerabilities.<\/p>\n Once the WAF is enabled, you can rest easy knowing your site is protected from the latest threats.<\/p>\n If your network vulnerability stems from using WordPress Multisite, then the best thing you can do is get a reliable Multisite management plugin like WP Ultimo.<\/a><\/p>\n This way, you know you\u2019ll have more control over what your clients do with their websites while you get to use a plugin you know is safe and secure, too.<\/p>\n Of course, don\u2019t forget about comment spam.<\/p>\n It\u2019s one of the reasons why many blogs decide to turn comments off<\/a> completely.<\/p>\n When you\u2019re running a large network of sites\u2014especially when you have little to no control over blog content or the comments popping up on it\u2014you\u2019ll want the Akismet plugin<\/a> to keep your sites safe from spam and other harmful injections.<\/p>\n The larger your network of sites grows, the easier it becomes to lose track of them.<\/p>\n That\u2019s why you should schedule time\u2014ideally, at least once a month or quarter\u2014to review your hosting or Multisite account.<\/p>\n By keeping your server clear of old domains, you\u2019ll cut down on the possibility that hackers stumble upon them and take advantage of the perfect breeding ground of unmonitored activity, un-updated core and plugins, and so on.<\/p>\n If you\u2019re bringing websites together into the same WordPress installation or hosting account, you\u2019re hopefully using the same set of reliable plugins and themes for them as well.<\/p>\n While WordPress Multisite simplifies the process of keeping \u201cshared\u201d plugins and themes updated across all sites, it\u2019s still important to regularly review each third-party integration.<\/p>\n You never know when a developer has decided to stop supporting them, a plugin has been flagged by WordPress, or a new security flaw is introduced into one of them.<\/p>\n However, sometimes it can be a hassle to keep up with all of the WP updates, as well as the countless plugins and themes.<\/p>\n That’s when a plugin or a piece of software that automatically updates for you would come in real handy…<\/p>\n![\"Security](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/Security_Patches_02_600.png\")
<\/div>\nWho Should Be Concerned About Cross-Site Contaminations in WordPress?<\/h2>\n
WordPress Multisite<\/h3>\n
Multi-Domain Hosting Account<\/h3>\n
\n
Re-selling Web Hosting<\/h3>\n
Checklist: 8 Things You Need to Do to Fend Off Cross-Site Contaminations<\/h2>\n
1. Scan Every Site<\/h3>\n
![\"Cross-Site](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/Cross-Site-Contaminations-Defender-Security-Plugin.png\")
2. Add Separate Firewalls<\/h3>\n
![\"Cloudflare](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/cloud-fare.png\")
3. Use a Trustworthy Multisite Plugin<\/h3>\n
![\"WP](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/06\/wp-ultimo.png\")
\n<\/div>\n4. Block Multisite Spam<\/h3>\n
![\"Akismet](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/akismet-spam.png\")
5. Clean Out Old Domains<\/h3>\n
\n
6. Keep Plugins and Themes Updated<\/h3>\n
![\"Cross-Site](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/Cross-Site-Contaminations-Outdated-Plugin.png\")
![\"A](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2017\/10\/automate-wpmudev.png\")