Title: Multisite
Last modified: August 20, 2016

---

# Multisite

 *  [EllsWeb](https://wordpress.org/support/users/ellsweb/)
 * (@ellsweb)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/multisite-37/)
 * Is there any update on when this plugin will work with multisite? I work with
   multisite almost exclusively and multisite users are left out of security enhancements
   like this. Great plugin, if I could use it.
 * [http://wordpress.org/extend/plugins/6scan-protection/](http://wordpress.org/extend/plugins/6scan-protection/)

Viewing 12 replies - 1 through 12 (of 12 total)

 *  [Grace n Ease](https://wordpress.org/support/users/grace-n-ease/)
 * (@grace-n-ease)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/multisite-37/#post-3368430)
 * I agree. When trying to install this plugin, I always get the "incompatible with
   multisite" message saying it is coming soon, but never hear anything about it.
 *  Plugin Author [6Scan](https://wordpress.org/support/users/6scan/)
 * (@6scan)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/multisite-37/#post-3368466)
 * Hi all,
 * We are very excited to get the plugin working with multisite, but we want to 
   make sure we do it the right way. We’re still working on it – we’ll make sure
   to update as soon as it’s ready.
 * Thanks!
 *  [BeeCee](https://wordpress.org/support/users/csigncsign/)
 * (@csigncsign)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/multisite-37/#post-3368474)
 * any updates concerning multisite??
 *  Thread Starter [EllsWeb](https://wordpress.org/support/users/ellsweb/)
 * (@ellsweb)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/multisite-37/#post-3368475)
 * A plugin like this, with all the knowledge required to take care of security,
   I’m surprised, especially as long as multisite has been out, that they drag their
   feet on implementing such compatibility.
 * I’m not sure I would want it on my site if it’s that hard for them to make it
   multisite compatible.
 * In most configurations, all of the files are accessible from the base site. All
   other sites use the same files; it’s just handled differently with the database.
   So, it shouldn’t really be that hard. Activate on the base site and scan all
   sites (but the coding checks for multisite and if multisite is found, it just
   echoes out that it’s not multisite compatible). Of course, I don’t have a clue
   what I’m talking about… lol
 *  Plugin Author [6Scan](https://wordpress.org/support/users/6scan/)
 * (@6scan)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/multisite-37/#post-3368476)
 * Hey ellsweb,
 * While I wish it was that simple, adding multisite raises a slew of issues we’re
   battling with. Here are a few example questions we need to answer:
    - Who administers 6Scan, the super administrator or the sites’ administrators?
      In order to comply with some sites’ management policies, we might need to 
      actually have two different dashboards, one for each.
    - What happens if a site administrator wants to fix a vulnerability in a plugin
      that’s been installed on all sites by the super administrator? This would 
      entail modifying files for other sites, which they should not be able to do,
      but we can’t apply a fix only for a specific site on such plugins. Conversely,
      what happens if the super administrator fixes a vulnerability (manually or
      automatically) but then the site administrator wants to undo that fix?
    - What if a site administrator wants 6Scan to scan their site, but the super
      administrator does not? We can’t scan only a single site, because many of
      the files are common to all sites. We’d end up getting complaints from the
      super administrator for scanning his files without his permission — something
      we take very seriously.
 * So far it seems that no matter which answers we choose, we’d be working against
   policies of many other users. We’re still trying to figure out what’s right —
   any input we could get from the community on these questions would be much appreciated!
 *  Thread Starter [EllsWeb](https://wordpress.org/support/users/ellsweb/)
 * (@ellsweb)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/multisite-37/#post-3368477)
 * Hi 6Scan,
 * Taking points as presented.
 * Only Super Administrators can modify plugins. Subsites do not have that functionality.
   I don’t believe there are any configurations of multisite that allow for subsites
   to have access to files. Attempting to produce a plugin that allows for that,
   would actually override the functionality of WP Multisite and would create massive
   security issues no matter how it is applied.
 * If a site admin wants to fix a vulnerability in a plugin, they would have to 
   communicate with the Super Admin to accomplish such a task. The Super Admin runs
   the network. The Super Admin is responsible for such changes and if a fix was
   something relating to security, and the site admin didn’t like it, well… then
   maybe the site admin might want to consider creating their own network. Can you
   imagine what would happen at wordpress.com if site admins had the ability to 
   determine which changes were to be made to plugins? I will tell you.. They would
   be reminded that self hosting is an option.
 * Last, it seems you are attempting to factor in things that are completely outside
   the scope of multisite configurations. If you put all your “if’s” aside and deal
   with WP Codex and that alone, that would be a major step in the right direction.
 * Why try to put in all of those “if’s” into consideration, when we all know they
   don’t apply to WP Multisite?
 * Super Admins have that control, nobody else. And nobody else should have that
   control. If there is a security issue with a setup, your software should handle
   that at the Super Admin level, not any other level.
 * Let the Super Admins administer the network. The way it is now, even Super Admins
   don’t have the ability to scan their sites with your software. IF there is a
   way to do what all of your “if’s” suggest as possibilities, then I would understand
   your argument. But, the reality is, your attempting to create all the roadblocks
   that do not exist only makes your job harder.
 * If a site admin wants to come to you and ask for a functionality that WP doesn’t
   allow, you can just as easily tell them that isn’t possible and that they should
   talk with their Network Admin regarding such things. And if they don’t want to
   do that, then they can administer their own network.
 * Multisite is not that difficult to understand. There is a Network Admin (which
   is the Super Administrator). The responsibility for the network rests with that
   administrator. It’s that simple. And that’s the way WP has set it up. Until they
   change it, let’s just go with their program and work with the new way of doing
   things “IF” that ever happens.
 * [edit]
 * You might consider looking at Wordfence and the way they set up their plugin.
   Their plugin is a network activated plugin. It creates a network admin menu item
   (nowhere else) and when a scan is done, it is done from the network dashboard,
   nowhere else.
 * That is where your plugin should reside, since all files are scanned from one
   place and should only be scanned from one place. If code exists on a subsite 
   that was allowed by a site admin, the alert would show up in the scan available
   to the Network Administrator. And the correction process would then be initiated
   based upon the Network Administrator’s own discretion.
 *  [Grace n Ease](https://wordpress.org/support/users/grace-n-ease/)
 * (@grace-n-ease)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/multisite-37/#post-3368478)
 * Wow Ellsweb,
 * That was pretty comprehensive. You forgot to mention that Site Admins don’t have
   access to upload plugins or themes. And they aren’t able to edit any files. They
   only have access to plugins that are not network activated, according to the 
   way WordPress works. I don’t know if there are plugins that change that, but 
   I would think that would be something not allowed, unless the Super Admin made
   a Site Admin a “Super Admin”, which is possible with WordPress.
 * I use “WordFence” and you are right, it is a network activated plugin that scans
   from the network dashboard.
 * I have a question though, does “6scan” scan the database? The reason I ask that
   is because if something is allowed on a Sub Site by a Site Admin (that was a 
   security issue) would “6scan” catch it if it doesn’t scan the database? Or does
   “6scan” only scan files for vulnerabilities?
 *  Thread Starter [EllsWeb](https://wordpress.org/support/users/ellsweb/)
 * (@ellsweb)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/multisite-37/#post-3368479)
 * I don’t know all of what 6scan does. I can’t use it on my multisites so I didn’t
   get really deep into it. I usually read as much as I can about those things, 
   but I haven’t with 6scan.
 * The description says it is more in line with protecting sites from hackers and
   exploits, so I would think it is more for protection from someone trying to do
   something to your site or network.
 * What I do know is 6scan would have to be able to scan the database to determine
   how many sites there are and what they are so that it can protect the static 
   login pages from malicious attempts to access and damage the network.
 * However, it is my understanding that a breach in one subsite wouldn’t give a 
   hacker access to the network unless the network admin account is hacked. They
   might damage a subsite, but not the network. In that case, the Network Admin 
   should have something set up to require harder passwords and encourage usernames
   that aren’t easy to guess.
 * Although, some bots can find usernames by scanning the source of some sites..
   It all gives me a headache trying to figure out all of what security has to do
   to protect a site.
 * But, multisite isn’t as fluid a configuration as what the questions raised above
   imply. There are different configurations, but they all pretty much function 
   the same way. Even the difference between subdirectory subsites and subdomain
   subsites is still a manipulation of the database, it’s just knowing how that 
   manipulation works. The structure is still basically the same. WordPress creates
   the illusion of a subdomain install and it creates an illusion of subdirectory
   installs (based on the choice made at initial configuration of the network). 
   It’s all still the same files. No extra directories full of separate installs..
   it’s all one install.
 * Of course, I could be way out in left field in my understanding, but that is 
   what I have been able to figure out.. lol
 *  [Grace n Ease](https://wordpress.org/support/users/grace-n-ease/)
 * (@grace-n-ease)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/multisite-37/#post-3368480)
 * mhmmm..
 * that made it clear as mud.. lol
 *  Thread Starter [EllsWeb](https://wordpress.org/support/users/ellsweb/)
 * (@ellsweb)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/multisite-37/#post-3368481)
 * Thinking about what might be considered individual site control such as maybe
   a site dashboard menu item, one could consider placing a dashboard item to give
   the individual site certain amounts of control over their site.
 * One item I would consider of value would be allowing a site admin the option 
   to protect the login area or the dashboard area using 6scan. A couple or a few
   check boxes would accomplish that if you want to give that option. I wouldn’t
   concern myself with whether or not a site admin should have the ability to scan
   files, UNLESS some sites might offer frontend uploading of files or even backend
   uploading of files on an individual site. In those cases, I would presume it 
   wise (if files are scanned) to allow a site admin the option to scan uploaded
   files.
 * But other than that, I don’t see where there is a need for any site admin to 
   need to scan files relating to the installation of any plugin, theme or core 
   files of the network. I hope I said that so that it is understandable.
 * But I would reiterate the fact that site admins do not upload plugins or themes,
   there is no allowance for that in WordPress. All theme and plugin uploads as 
   well as installations are done in the network admin section (as are the editing
   of plugin and theme files) via the network admin “editing” menus respectively
   to themes and plugins.
 * If there are multiple networks allowed on a multisite install, there is still
   the fact that only the Super Admin uploads and installs themes and plugins. All
   options for selection of plugins and themes available on a network are under 
   the control of Super Admin (or Network Admin) and unless the Super Admin makes
   another user a Super Admin of the network there is only one Super Admin.
 * That’s my understanding anyway. I hope that helps.
 *  Plugin Author [6Scan](https://wordpress.org/support/users/6scan/)
 * (@6scan)
 * [13 years, 4 months ago](https://wordpress.org/support/topic/multisite-37/#post-3368482)
 * Thanks ellsweb! We’ll take a look at how the other plugins work, and look at 
   your suggestions as well to see if maybe it’s simpler than we thought. Thanks
   again for your help!
 *  [Dan & Jennifer](https://wordpress.org/support/users/danstuff/)
 * (@danstuff)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/multisite-37/#post-3368503)
 * Hi there. We too would love to see the plugin support multisite, as our sites
   run multisite.
 * I’d like to agree completely with ellsweb’s first answer above:
 * > Super Admins have that control, nobody else. And nobody else should have that
   > control. If there is a security issue with a setup, your software should handle
   > that at the Super Admin level, not any other level.
   >
   > Let the Super Admins administer the network.
 * Absolutely right on. The network administrator is the only one with the control
   in multisite, the only one who can install/update plugins, etc.
 * For us, even if you guys added any admin visibility into the security stuff at
   the sub-site level (which I still don’t think is necessary at all) – but if you
   did, I’d like to see a checkbox at the network level to hide any visibility of
   this plugin from the sub-sites. 🙂
 * What’s really important is providing this security to multisite installs, and
   the only true administrator of a WordPress multisite is the network admin.
 * Hopefully this makes implementing the plugin for multisite easier – as it takes
   quite a few of the other considerations off the table. 🙂
 * Thanks!!
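
The network-only layout discussed in this thread (network activated, one menu item in the network admin, nothing visible on sub-sites, every action reserved for the Super Admin) can be expressed as the plugin file below. This is an added example, not code from 6Scan, Wordfence or any poster; every `example_` name is hypothetical, and the scanner itself is left out so that only the access control around it is shown.

```php
<?php
/**
 * Plugin Name: Example Network Scanner (hypothetical)
 * Network: true
 */
// "Network: true" above restricts activation to the whole network.

// Capability that gates the dashboard: Super Admin only on multisite.
function example_scanner_cap() {
    return is_multisite() ? 'manage_network_plugins' : 'activate_plugins';
}

// Register the menu in the network admin only; sub-site dashboards get nothing.
add_action( is_multisite() ? 'network_admin_menu' : 'admin_menu', 'example_scanner_menu' );

function example_scanner_menu() {
    add_menu_page( 'Example Scanner', 'Example Scanner', example_scanner_cap(),
        'example-scanner', 'example_scanner_page' );
}

function example_scanner_page() {
    // A hidden menu is not an access control, so check again in the handler.
    if ( ! current_user_can( example_scanner_cap() ) ) {
        wp_die( 'Only the network administrator can run scans.', '', array( 'response' => 403 ) );
    }
    $message = '';
    if ( isset( $_POST['example_scan'] ) ) {
        check_admin_referer( 'example_scan' ); // CSRF check on the scan request
        // One scan covers every site, because all sites share the same files.
        $site_count = is_multisite() ? get_sites( array( 'count' => true ) ) : 1;
        update_site_option( 'example_scanner_last_run', time() );
        $message = sprintf( 'Scan requested for the shared files of %d site(s).', $site_count );
    }
    echo '<div class="wrap"><h1>Example Scanner</h1>';
    if ( $message ) {
        echo '<p>' . esc_html( $message ) . '</p>';
    }
    echo '<form method="post">';
    wp_nonce_field( 'example_scan' );
    submit_button( 'Scan shared files', 'primary', 'example_scan' );
    echo '</form></div>';
}
```

Because the page is hooked to `network_admin_menu` and the handler re-checks `manage_network_plugins`, a site administrator neither sees the menu nor can reach the page by URL.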


The topic ‘Multisite’ is closed to new replies.

 * 12 replies
 * 5 participants
 * Last reply from: [Dan & Jennifer](https://wordpress.org/support/users/danstuff/)
 * Last activity: [13 years, 1 month ago](https://wordpress.org/support/topic/multisite-37/#post-3368503)
 * Status: not resolved