Title: Security between multisite sub-sites Last modified: August 22, 2016 --- # Security between multisite sub-sites * [Matt](https://wordpress.org/support/users/syntax53/) * (@syntax53) * [11 years, 1 month ago](https://wordpress.org/support/topic/security-between-multisite-sub-sites/) * So I’ve been running on some assumptions and can’t really find any clarification anywhere so I figured I would finally just post and ask– * Since multisite installations share a database (and obviously file system) the only thing that prevents an author of a subsite from accessing the main site or another subsite’s data is by not allowing them any means of doing so. By that I mean not giving the author/manager of another site the ability to edit themes/ plugins and/or install plugins that would give them any sort of php coding / mysql querying capabilities. * For example, I recall seeing this plugin awhile back: [https://wordpress.org/plugins/php-code-widget/](https://wordpress.org/plugins/php-code-widget/). It does say in the plugin’s description, “Only users with the unfiltered_html role will be allowed to insert unfiltered HTML.” * Basically what I’m getting at is, first of all, are my assumptions correct? And secondly, is there a guide somewhere to setting permissions for authors/editors of other subsites with security in mind? I know one of the people that will be managing a future subsite is very knowledgeable and I’m thinking I may need to provide him a completely separate wordpress install for maximum security as I know he’ll be asking for additional permissions down the line. * Thanks Viewing 1 replies (of 1 total) * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [11 years, 1 month ago](https://wordpress.org/support/topic/security-between-multisite-sub-sites/#post-5902464) * Don’t bump please. It doesn’t actually help. * Users only have access to sites they’ve been _explicitly_ added to. * SuperAdmins are the only ones with unfiltered HTML access. * SuperAdmins are the only ones who have access to add/edit themes and plugins. * Per-Site Admins can activate plugins, if that option is chosen in Network Settings. Viewing 1 replies (of 1 total) The topic ‘Security between multisite sub-sites’ is closed to new replies. * In: [Networking WordPress](https://wordpress.org/support/forum/multisite/) * 1 reply * 2 participants * Last reply from: [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * Last activity: [11 years, 1 month ago](https://wordpress.org/support/topic/security-between-multisite-sub-sites/#post-5902464) * Status: not resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics