Guide to Using WordPress as a Platform with Multisite [Guide]
TL;DR: This guide is about how to setup WordPress as an automated platform to efficiently create and manage websites to make more money through new revenue channels, higher margins on existing services, recurring revenue streams, serving more clients in less time, productizing services and more.
This guide is foundational and covers general setup of the WordPress multisite network. Niche specific applications and customizations will be covered in other guides.
All guide updates will get added to this page. Summaries of the updates will get added as blog posts.
Have questions, comments or feedback? Let us know in the comment section below.
Table of Contents
- Overview
- Getting Started
- Setup
- Security
- Site Creation
- Creating Sites & Users
- Site Templates
- Themes and Site Building
- Functionality Plugins
- SEO
- Forms
- Social Media
- Site Optimization
- Spam Management
- Image Optimization
Overview
TL;DR: Leverage and synergy are how we efficiently create and manage sites, maintain healthy profit margins and build a reputation to attract a steady stream of leads from our target audience. We’re specialists.
What is a website platform?
In this context we mean a “website platform” as a foundation to quickly create new websites in a way that’s efficient to maintain.
How does it work?
Our WordPress website platform relies on WordPress multisite, which gives us a single filesystem to maintain and host a virtually unlimited number of websites.
WordPress multisite works by sharing a single filesystem (plugins and themes) across all websites and a core set of database tables, while each site has dedicated post, post meta, etc. tables for content.
Where some use tools like ManageWP, InfiniteWP, etc. to maintain multiple WordPress sites across multiple hosts this allows us to do it on a single install to minimize operational costs and maintenance burden (only one set of plugins and themes to update).
Learn more about how WordPress multisite works in this blog post: The Ultimate Guide to WordPress Multisite.
Why is it useful?
The efficient creation and maintenance of these websites give you leverage to open up new revenue opportunities, earn higher margins on existing services, serve a wider potential client base and gain the ability to productize a service.
Example: Effectively serve the dreaded $500 client using your website platform to 1) create a great looking website in minutes, 2) do [or outsource] light customization + add content, then charge ~$50/mo. for Hosting and maintenance with a 1-year minimum.
Additional resources on productizing services:
- Why WordPress Professionals Should Consider Productized Services
- 7 Steps to Building a Profitable Productized WordPress Service
- How to Earn $15,000+/mo. with Productized Services
- 3 Productized Service Examples to Add to Your WordPress Business
- 10 Productized Service Examples to Start Earning More Money
Who can benefit?
- Freelancers & Agencies: Profitably serve a wider segment of clients, open a new recurring revenue stream, productize a service.
- Service Companies: If you offer services to a particular market (e.g. CRM software for accountants) easily add a website offering for that same market (e.g. a hosted website platform for accountants) and tightly integrate your existing services.
This isn’t for everyone. As websites increase in complexity they’re less likely to have functionality in common, but most websites (75%+) have most functionality (75%+) in common.
If most of your clients have vastly different website needs/functionality then either 1) this guide isn’t for you or 2) you need to narrow your client type to get more synergy (read: leverage) out of your work.
How to make the most of it
Leverage and synergy are the key ideas. To succeed you have to be a hedgehog (specialist), not a fox (generalist). Do this by targeting a particular kind of client, in a narrow budget range, who needs a specific kind of website. It may take time to discover your specialty, but start by looking at your past clients for consistency.
Even after finding your specialty client type it could take a couple years to build up enough clients in your specialty and finish handing off old clients. And then there’s always that one early client that you’ll never hand off because [insert reason here]. “That little guy? I wouldn’t worry about that little guy…“
Refer less fitting leads to others, earning a reputation in your specialty with all the leads you can handle because nobody serves that type of client better or more profitably than you.
Getting Started
Now let’s talk about how to do it. At some point when I get more time I’ll add a case study working through each step of this process. Until then, this guide will have to do.
Domain Name & DNS
TL;DR: The .com TLD is preferred in most cases, but any will do. Buy from any reputable domain registrar. Using a www prefix for your domain name is preferred due to the flexibility it provides with DNS for you and your customers.
If you’re advanced enough to follow this guide then you probably already have your favorite registrar and understand domains. But in case you don’t, let’s go over the basics.
Domain Registrars
- GoDaddy
- Name.com
- Namecheap
www vs non-www, etc.
Whether you choose www or non-www is a matter of preference. I typically go with non-www but www can provide more flexibility depending on your configuration.
dns.domainname.com
It’s a good idea to setup dns.domainname.com instead of using an IP address for your customers to point their domains to. This give you more flexibility if you ever need to change your IP address. This way, if you customers point their domains to dns.domainname.com you can just update the IP address on your end and all customers don’t have to update their own DNS records.
Hosting
TL;DR: Use Managed WordPress hosting unless you have a good reason not too–it’s worth outsourcing this stuff no matter how advanced you are. WP Engine is a solid option and flexible enough for the most advanced users. Start with the $99/mo. Professional plan.
What kind of Hosting you need is a matter of preference and expertise. Opt for Managed WordPress hosting if you’re a novice or don’t want to manage your server. If you want more control, opt for something more advanced like a Cloud/VPS/Dedicated server.
Your price range is the biggest factor here. Some hosts are awful, but if you know what you’re doing most of the top hosts are comparable.
Managed WordPress hosting options
WP Engine: This isn’t necessarily the best choice, but I started using multisite (plan starts at $99/mo.) with them in 2011. There have been issues, but they haven’t been significant enough to move. Though not easy, I’ve been able to do things like use an EV SSL on the main site of a subdomain multisite install with a wildcard SSL on the rest. These are typically hard to do on a managed host, but I can confirm the staff can help you here.
Flywheel: I’ve used Flywheel, though not extensively with multisite. However, their multisite plan is less than 1/3 the cost of WP Engine’s, so if cost is a factor it may be worth looking into.
GoDaddy: GoDaddy is hard to beat in terms of value for Managed WordPress hosting. Unfortunately, it doesn’t support multisite yet, so it’s not an option.
Other Managed WordPress solutions: There are other Managed WordPress hosting solutions like Pagely, Kinsta, etc. but I haven’t used them extensively with multisite. They may be great, so if you’re already using one of them and it works well, then stick with it.
Cloud/VPS/Dedicated server hosting options
If you’re using one of these, then you probably already have your favorite and don’t need recommendations.
Personally, I’ve looked at Google Cloud, but had issues with domain mapping. This was early on, so the issues are likely resolved now. For our purposes AWS and Google Cloud are attractive, but on the complex side. Digital Ocean is another popular option.
Budget hosting options
If cost is a factor there are plenty of shared budget hosting options at GoDaddy, SiteGround, Bluehost, etc. These are fine for getting started or testing, but large multisite networks are hungry. If you’re charging a reasonable price to host and maintain client sites (at least $50/mo.) then a higher quality hosting solution is well worth the cost.
Setup
Install WordPress
If you’re not using a Managed WordPress service (comes with WordPress pre-installed) you’ll need to install WordPress yourself. Most hosting products offer WordPress via a one-click installer.
If you’re given an option during the setup/install process for install type (some Managed WordPress hosts and one-click installers offer this choice), choose a WordPress multisite subdomain install. Don’t worry if you’re not sure what that is, we’ll cover it later.
In the unlikely case you need to install WordPress manually…
- Download WordPress here: https://wordpress.org/download/
- learn how to install WordPress here: https://codex.wordpress.org/Installing_WordPress
Enable WordPress Multisite
The foundation for our automated website platform is WordPress multisite. Learn more about how our platform benefits from multisite in the How does it work? section above and learn more about WordPress multisite in general here.
To setup your WordPress multisite network see these guides:
If your website host already setup WordPress multisite then you’re all set–just make sure it’s a subdomain install. Multisite allows both subdomain (subdomain.yourwebsite.com) and subdirectory (yourwebsite.com/subdirectory) install types. We want a subdomain install. Learn how to switch multisite install types here.
Updating WP Config
One of the most important files in your WordPress installation is your wp-config.php file. For general information on wp-config see Editing wp-cofig.php here.
The current state of your wp-config.php file largely depends on your host. For example, Managed WordPress services sometimes heavily modify your wp-config.php file while setting up your installation.
You may need a few extra settings to get your multisite network working properly–it depends on your setup. Here are some of the settings I often use:
// Extra WP Multisite
define( 'NOBLOGREDIRECT', 'https://example.com/404/' );
define( 'WP_ALLOW_MULTISITE', true );
define( 'MULTISITE', true );
define( 'SUBDOMAIN_INSTALL', true );
$base = '/';
define( 'DOMAIN_CURRENT_SITE', 'example.com' );
define( 'PATH_CURRENT_SITE', '/' );
define( 'SITE_ID_CURRENT_SITE', 1 );
define( 'BLOG_ID_CURRENT_SITE', 1 );
define( 'SUNRISE', 'on' );
We’ll talk about more of these settings later.
Configure Your Multisite Network
On your network in the Network Admin area ( https://example.com/wp-admin/network/ ) you’ll find the network settings under Settings > Network Settings.
Many of these settings are preference, but here are some suggestions:
- Network Title: The name of your network.
- Network Admin Email: The email address that receives notifications. Also the default “From” email for registration/support emails.
- Allow New Registrations: This depends on your preference. Allow both sites and users to be registered on an open free or paid network where new users can sign up. Disallow them if it’s a private network where you set all sites.
- Registration Notification: I typically leave this on for a pulse on the network. Turn them off if you don’t want notifications or have a high volume of new signups.
- Add New Users: This allows individual site admins to add new users. Most users don’t need this capability, but it depends on your business model.
- Banned Names: Add any restricted site names here, e.g. www, web, root, admin, main, invite, administrator, files, your name, your company name, etc.
- Limited Email Registrations: Used to only allow registration with certain email domains, e.g. yourcompany.com.
- Banned Email Domains: Used to prevent registration with certain email domains, e.g. yahoo.com.
- Welcome Email: The email sent to new site owners.
Here’s an example, feel free to use it:
Hi, thanks for trying YOUR COMPANY NAME, we’re really happy to have you!
Here’s your website info:
– View your website here: BLOG_URL
– Login to your website here: https://example.com/admin
– Username: USERNAME
– Password: PASSWORD
You can reset your password on the login page.
Enjoy your X-day trial period. Check out this quick guide to get started: https://example.com/start
After activating a paid subscription we can help with setup at no cost. For example we can transfer content from another website, add a logo, custom color scheme and more.
If you have any questions or need any help just reply to this email or contact us at [email protected].
Thanks for trusting us with your website.
– The YOUR COMPANY NAME team
Note: BLOG_URL, USERNAME, PASSWORD are automatically converted into the relevant user info.
- Welcome User Email: The email sent to new users (only if a site wasn’t created).
Here’s an example, feel free to use it:
Hi, we just finished setting up your new user account!
Username: USERNAME
Password: PASSWORD
Login here: https://example.com/admin
You can reset your password on the login page at any time.
If you need any help, just email us at [email protected]
– The YOUR COMPANY NAME team
Note: BLOG_URL, USERNAME, PASSWORD are automatically converted into the relevant user info.
- First Post, Page, Comment, etc. are self-explanatory These typically aren’t used because they’re included in the template sites.
- Upload Settings are self-explanatory. Here’s a default list of allowed file types if you need suggestions: jpg jpeg png gif mp3 mov avi wmv midi mid pdf
- Default Language: The default language for the network. Users can switch to their own language on a site by site basis.
- Enable Administration Menus: Allow access to admin menus, typically just Plugins is shown here.
Security
Securing Your Network
WordPress security is particularly important here because if your Network Administrator account is hacked they’ll also have access to every site on your network.
WordPress security is a popular topic, so popular that we don’t need to cover it all here. If you’re new to WordPress, check out Hardening WordPress in the Codex. Here are some highlights:
- Don’t use the default admin user account and especially don’t give it Super Admin privileges.
- Use a unique, strong password.
- Two-factor authentication is also an option.
- Keep your network (plugins, themes, WordPress core) updated.
- See more on WordPress security here.
If you’re on a Managed WordPress host much of this hardening is done for you, so check with your host before making any advanced changes.
Other ways to protect your site include using 3rd party plugins to prevent brute force attacks like Jetpack’s Brute Protect module. This is especially useful if you’re already using Jetpack’s other features.
TLS/SSL Certificates
TLS/SSL certificates help secure your website and are highly recommended. Though most people still call them SSL certificates, SSL is the predecessor of TLS. We’ll call them SSL certificates here for simplicity.
There are multiple kinds of SSL certificates. Aside from standard SSL certificates there are Wildcard and EV (Extended Validation) certificates, which we’ll discuss below.
Wildcard SSL
Wildcard SSL certificates protect all subdomains on a network, e.g. .domain.com, where the asterisk () represents any subdomain from www.domain.com to 123.domain.com.
On a WordPress multisite network this typically means the primary site (domain.com or www.domain.com), subsites (e.g. help.domain.com) and admin/login pages for all sites (assuming you use the original, non-mapped domain for the admin pages).
If a custom domain is mapped to a customer site the Wildcard SSL certificate won’t cover the front-end because it is on a different domain.
Wildcard SSL prices typically range from $200-$300/year. I’ve used RapidSSL Wildcard SSL certificates in the past, but I’m currently using GoDaddy. Go with whatever works for you.
Extended Validation (EV) SSL
EV certificates require additional business validation and give you the green bar on your website:
This has no other affect than adding additional trust for your users. How effective is this? It’s debatable, there are various opinions on the issue.
I use EV certs on one of my networks. How much of a difference does it make? I don’t know, but it certainly doesn’t hurt.
EV SSL certificates run between $100-$200/year. I use GoDaddy for my EV SSL certificate as well. The validation process is more in-depth than you might expect, so I recommend looking into it before buying an EV certificate.
This is the guide that I never finished…