I love Multisite. I don’t think people use it ‘right’ but I love it. So I’ve started to make my own rules about Multisite and how to use it properly.
Only One SuperAdmin
There should be only one SuperAdmin, and you should never use that account to post. This will limit what you can do on any given day, and you’ll need a second account to mess with network settings, but this is a good thing. While WordPress lacks a sudo feature (yes, I know there are plugins), having only one SuperAdmin, locking that account down tight, and keeping the keys to yourself limits people’s ability to be mean to you and to brute force their way in. Extra points if you name the account something random.
Restrict Access
Only give people access to what they need. This means you limit their plugins to what they have to have, ditto themes, and you don’t let them argue they need the unicorn.
You knew I’d pull that one out, right?
Be mean and say no. Don’t let someone be an admin of a hundred sites if they only need to be admin of one. Don’t let them be members of sites they don’t need to write on. Remember, Multisite makes you a pseudo-subscriber so a user will be able to read and comment on all sites on your network. They only need to be a legit member if there’s a real reason, like it’s a locked site.
Don’t Network Activate Things
Perhaps this is better said as follows: Only network activate things that must be network activated.
Is it ‘easier’ to network activate W3TC and configure it for your network? Sure! Should you? Probably. But what about Jetpack? Does everyone need it? Do they all need the tool for GUI comments when not all the sites even use comments? Be judicious and cautious when you network activate plugins.
Test All The Things
Vet your plugins and themes before you install them. Test your upgrades on a non-production site. I cannot stress this enough. Test, test, test, test! Test! Just … test okay?
What are your rules?
I asked on Twitter and Tim Moore said he turns off the plugin menus for subsites. You can do this very easily by going to Network Admin -> Settings -> Network Settings and unchecking the plugins box for “Enable administration menus.” I do sort of wish we had more things there, like disable themes and so on, but seeing as you can more granularly control themes anyway it doesn’t matter that much.
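The rules above (one SuperAdmin that never posts, minimal network activation, plugin menus off for subsites) can be checked from the command line. This is an added example, not code from the original post; it assumes WP-CLI is installed and run from the network's WordPress root, and the function names and the `ALLOWED` allowlist are hypothetical.

```sh
#!/bin/sh
# Added example (not the post's own code): audit a Multisite network with WP-CLI.
# ALLOWED is a hypothetical space-separated allowlist of plugin slugs that must be network activated.
ALLOWED="${ALLOWED:-w3-total-cache}"

# "Only One SuperAdmin": fail unless exactly one login is listed.
check_super_admins() {
    admins=$(wp super-admin list)
    count=$(printf '%s\n' "$admins" | grep -c . || true)
    [ "$count" -eq 1 ] && return 0
    echo "FAIL: $count super admins:" $admins; return 1
}

# "Never use that account to post": count posts by each super admin on every site.
check_super_admin_posts() {
    status=0
    for login in $(wp super-admin list); do
        id=$(wp user get "$login" --field=ID)
        for url in $(wp site list --field=url); do
            n=$(wp post list --url="$url" --author="$id" --post_type=post --format=count)
            if [ "${n:-0}" -gt 0 ]; then echo "FAIL: $login has $n posts on $url"; status=1; fi
        done
    done
    return $status
}

# "Don't Network Activate Things": flag network-active plugins not on the allowlist.
check_network_plugins() {
    status=0
    for slug in $(wp plugin list --status=active-network --field=name); do
        case " $ALLOWED " in
            *" $slug "*) ;;
            *) echo "REVIEW: $slug is network activated"; status=1 ;;
        esac
    done
    return $status
}

# The plugins box under "Enable administration menus" must be unchecked.
check_plugin_menu() {
    if wp site option get menu_items --format=json 2>/dev/null | grep -q '"plugins"'; then
        echo "FAIL: subsite admins can see the Plugins menu"; return 1
    fi
}

# Run every check with: sh audit.sh run
if [ "${1:-}" = "run" ]; then
    rc=0
    for c in super_admins super_admin_posts network_plugins plugin_menu; do check_$c || rc=1; done
    exit $rc
fi
```

A non-zero exit status from `sh audit.sh run` means at least one rule needs attention, which makes the script usable from cron or a deployment check.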
Comments
2 responses to “Network Rules”
My rules are nearly the same (some more restricted, some less), but I don’t see the point of allowing just one Superadmin.
I always give my customers the advice to register 2 accounts on their blogs (single site or multisite): admin and editor.
Client is asking … “okay, but – why?”
These days I couldn’t answer this by myself.
@Lars: In truth it’s not just one super admin, but it’s not posting with the SuperAdmin. My Ipstenu Account, the author here, is not SuperAdmin. That’s a separate account, and I generally only log in via Incognito, and just to do network maintenance. I treat it like a root account, or a sudoer that has root access.
It’s a two-fold reason. First I have to think before I act. I can’t just install a plugin without a pause. Second, I know exactly what posting is like for my other admins. This keeps it easier to debug and test core :) Plus I know when I need a shortcode/embed, and when I don’t!