New to the community? Start here

Defender Pro Multisite – do I only need to configure the main site?

I’m just getting started with multisite. For Defender Pro – do I need to configure anything at all on the “child” sites? Or do I just configure the top, main site and it covers everything underneath? Thanks!

Thu, 4 Feb 2021 18:07:11
  • Patrick Freitas
    • FLS

    Hi Matt

    I hope you are doing well.

    twinsmagic On the Defender this is a bit different.

    The subsites share the same WordPress installation, it means when the Defender scans, it will verify entire network plugins and theme.

    For the Headers, 2FA and Mask URL it also applies to all subsites automatically so all configuration is done on the network level only.

    So it is only necessary to control the plugin network-level as there is no extra step to be done subsite level.

    Let us know if you have any additional question on this.
    Best Regards
    Patrick Freitas

      • Jovan
        • Ex Staff

        Hi Matt

        Not entirely true. You do have options within Network Dashboard > Smush Pro > Settings > Subsite Controls to choose whether your subsites will inherit your network settings or choose to control them separately within each subsite.

        More reading about that here :slight_smile:

        If there’re any further questions please let us know.

        Kind regards,
        Jovan

  • Carsten from TwelveTrains
    • Flash Drive

    Hi, I’ve just set up Defender Pro in a multi site installation. There is one thing I have discovered which does not work on the subsites, namely:

    Locations (GeoLite2 data created by MaxMind active).

    The main site is banned by countries on the Blocklist but not the subsites.

    Or am I missing a setting somewhere? :grinning:

    Thanks,
    Carsten

  • Alastair Dodwell
    • New Recruit

    On a Multisite installation it seems that there is only 1 Defender set up. In that each site refers back to them main / master site. This means that the sites name that shows on each of the subsets is the main one. This does not work for clients who are looking for their site and done know the master sites. – We have had to take this off, leaving all sites less secure. How can this be resolved. Thanks.

  • Vikram Singh
    • Staff

    Hi Alastair Dodwell ,

    Thanks for your response.

    Since all subsites share the same WordPress installation, Defender’s security settings need to be applied at the network level. When configured at the network level, these settings are enforced across all subsites, ensuring that each subsite remains secure without requiring individual configurations.

    In short, your subsites are not less secure—they benefit from the same security rules applied across the entire network.

    Let me know if you have any further questions.

    Best regards,
    Vikram Singh

  • Sajjad Rahat
    • Staff

    Hi Alastair Dodwell ,

    I hope you’re doing well.

    Due to User Management in a Multisite Network, Defender configures 2FA on the Network Admin level, not the subsites level, which maintains consistent security protocols for all users within the network. But I do get what you’re saying here regarding the App Title for the 2FA, and users are seeing the main server name, not the sub-site’s name.

    We already have a feature request to implement 2FA on Defender, and I’ll pass this message to our Developers Team to have a look at it and, if possible, implement this feature to have a different App Title on 2FA for the subsites. We don’t have an exact ETA for when this feature will be implemented, but we can ask our Developers to check the scope and implement this in future updates.

    Please do have an eye on our roadmap to check out future updates: https://wpmudev.com/roadmap/#upcoming-defender-5-2.

    Best Regards,
    Sajjad Rahat