Single User Multiple Websites

[David Hofmann]

Science for the People is currently working on the transition of all our websites to the MF/PL servers. We have been inquiring and thinking about the best way to do so and have a few questions.

Problem: we have multiple sites (our chapters and magazine), all run as subdomains to our main domain (scienceforthepeople.org). These sites are all wordpress sites and need to be adjusted individually by individual admins and contributors.

Questions:

• as we read from the wiki each new website implies a hosting order (​https://support.mayfirst.org/wiki/faq/site-management/create-hosting-order) and therefore will need the creation of an individual account that has access to the specific webspace. This would create a lot of overhead for the infrastructure team that is taking care of the backbone of each website. Is there a way to create multiple websites with the same account? Or alternatively, is it possible to provide server access to multiple sites to a particular user? We would need to have a single admin user who has access to all, or at least most sites (i.e. ssh login to the webspace).

• it seems WP networks is a possible option that was also tested on MF/PL infrastructure ​https://support.mayfirst.org/wiki/how-to/wordpress/network#no1 We want to explore this option further but we are concerned that it wouldn't give individual site admins enough flexibility. Is there any other option that we are missing besides multi-network and individual hosting orders to setup multiple WP instances?

If you can give us any other pointer or advice on how to efficiently setup multiple websites as subdomains that would be highly appreciated!!

Thanks so much for your help! In Solidarity,

David

[JaimeV]

Replying to David Hofmann:

Questions: Is there a way to create multiple websites with the same account? Or alternatively, is it possible to provide server access to multiple sites to a particular user? We would need to have a single admin user who has access to all, or at least most sites (i.e. ssh login to the webspace).

No all sites must run under their own unique user. This is a security mechanism to ensure that one compromised site is not able to write to files from another. However if your only concern is access via ssh/sftp you can configure each site user's to use the same ssh key. You can do this via the control panel in the server access tab for each hosting order.

• it seems WP networks is a possible option that was also tested on MF/PL infrastructure ​https://support.mayfirst.org/wiki/how-to/wordpress/network#no1 We want to explore this option further but we are concerned that it wouldn't give individual site admins enough flexibility. Is there any other option that we are missing besides multi-network and individual hosting orders to setup multiple WP instances?

You can use a WP network site however it is less flexible. A superadmin needs to install the plugins and themes the network sites will have access to. I would still recommend separating the sites due to the security concerns I cited above.

[David Hofmann]

Great, thanks so much Jaime for the concise and quick reply!

[David Hofmann]

Hi Jaime, sorry need to reopen this, was too fast with the celebration ;)

Since we are a team of three people working on all our websites the solution with the ssh key would imply that we would have to share the private key which does not seem like a proper way to go about this. Do you see any other workaround? Currently it seems to me the only viable solution is to have one standard password for all accounts which, well, does not feel that good from a security stand point. No other workaround? Thank you!!

[JaimeV]

Sharing the same password for 3 separate accounts is still slightly better than sharing the same user and password for access to all 3 websites. Sorry I don't have any other workarounds to offer. A shared password manager might help you.

In our new infrastructure we have devised a way to make allowing this kind of shared access easier but this won't be available until later in the year.

[JaimeV]

Replying to David Hofmann:

Since we are a team of three people working on all our websites the solution with the ssh key would imply that we would have to share the private key which does not seem like a proper way to go about this.

Actually I just thought about this again. The current system allows for you to add more than one public ssh key to each user account under the server access tab. So no, wouldn't necessarily need to share private keys as long as everyone's public key is added to any account they might be expected to access.

[David Hofmann]

Great, thanks! We will go with adding public keys for the three admins! And thanks again for the quick reply, this is really amazing :)