Title: Security plugins & multisite: Network activate? Last modified: August 20, 2016 --- # Security plugins & multisite: Network activate? * Resolved [mhulse](https://wordpress.org/support/users/mhulse/) * (@mhulse) * [14 years, 1 month ago](https://wordpress.org/support/topic/security-plugins-multisite-network-activate/) * Hello, * I would like to setup various security plugins for my MS network, but I had a quick question about installation. * Am I supposed to network activate security plugins (unless otherwise noted via install instructions)? * For example, I am using [Login Lockdown](http://wordpress.org/extend/plugins/login-lockdown/), which works great, but I am not sure if I should only activate it for the “main” site or network activate it for all sites (and maintain individual settings for all sites). * I plan on having my bloggers login to: * htt://foo.com/wp-login.php * But I noticed that there’s this login page: * [http://foo.com/blog-name/wp-login.php](http://foo.com/blog-name/wp-login.php) * … and if I don’t network activate the Login Lockdown plugin, then only the main blog wp-login.php page will have Login Lockdown goodness. 🙁 * Optimally, I think it would be cool to disable all other login pages and only allow logging in through the main site’s login page. * Also, I would like to use [Hide Login](http://wordpress.org/extend/plugins/hide-login/), but I’m not sure if I would need to set this up for all sites on my network. * Same goes with the security scan plugins… I should probably test, but it seems like I should be able to install scan plugins only on the main site and not the entire network. * Is there a guide and/or does anyone have any tips on setting up security plugins for a network? * What’s your favorite MS compatible security plugin? * Does any of this make sense? 😀 * Thanks! * Cheers, Micky Viewing 5 replies - 1 through 5 (of 5 total) * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [14 years, 1 month ago](https://wordpress.org/support/topic/security-plugins-multisite-network-activate/#post-2569944) * I use Login Lockdown activated on all sites. Seems to work fine. * > Optimally, I think it would be cool to disable all other login pages and only > allow logging in through the main site’s login page. * That would only work for SOME sites. If you do domain mapping, you don’t always want people to log in from maindomain.com :/ * > t seems like I should be able to install scan plugins only on the main site > and not the entire network. * Depends on the plugin, and you’re asking two different questions here. * A proper MultiSite security plugin would be something to enable network wide, but would _only_ have settings etc on the /wp-admin/network pages. Actually that would be REALLY COOL for a lot of plugins, but since most are written for single site, it doesn’t happen as much as I wish 🙂 * There are, however, other plugins you can use to restrict what plugins show up on what sites. * [xzoom](https://wordpress.org/support/users/xzoom/) * (@xzoom) * [14 years, 1 month ago](https://wordpress.org/support/topic/security-plugins-multisite-network-activate/#post-2569951) * Hi Ipstenu, * Do you think plugin Lockdown is a important security plugin for login? * Or it is also a good practice to use a captcha plugin for login? * Which is the better way to securize login? * Thanks! * Thread Starter [mhulse](https://wordpress.org/support/users/mhulse/) * (@mhulse) * [14 years, 1 month ago](https://wordpress.org/support/topic/security-plugins-multisite-network-activate/#post-2569970) * Thanks a billion Ipstenu! * > That would only work for SOME sites. If you do domain mapping, you don’t always > want people to log in from maindomain.com :/ * Great point! I did not think of that. In our case we are using the “folder” setup, so having the one, primary, login location would work well. If I knew more about WP, and had the time, I would consider writing a plugin to handle redirection from “sub” login pages to the main one. * > A proper MultiSite security plugin would be something to enable network wide, > but would only have settings etc on the /wp-admin/network pages. Actually that > would be REALLY COOL for a lot of plugins, but since most are written for single > site, it doesn’t happen as much as I wish 🙂 * Oh man, that would be awesome! Do you happen know of any off the top of you head? Every security plugin I have found has been single site setups. 🙁 * What’s the best way to search for MultiSite compatible/specific plugins on the WP plugin site (or other site)? From what I can tell, it looks like the best way to do this on the WP site is by tag: * [http://wordpress.org/extend/plugins/tags/multisite](http://wordpress.org/extend/plugins/tags/multisite) * Thanks again Ipstenu! * [@xzoom](https://wordpress.org/support/users/xzoom/): That’s a great question. * I personally think my users would get annoyed at having to type a captcha each time they logged in; but then again, all of our users are “trusted”. * If we had registrations open to the public, I would definitely consider implementing both login lockdown and the captcha. * What do others think? * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [14 years, 1 month ago](https://wordpress.org/support/topic/security-plugins-multisite-network-activate/#post-2569988) * **xzoom** * > Do you think plugin Lockdown is a important security plugin for login? * Depends on the site. I use it on one of mine, but not most. * > Or it is also a good practice to use a captcha plugin for login? * I am a HUGE anti-captcha person. Hate ’em. They’re just not friendly to people without perfect vision. * **mhulse** * > If I knew more about WP, and had the time, I would consider writing a plugin > to handle redirection from “sub” login pages to the main one. * The lazy way would be .htaccess … * `RewriteRule ^([_0-9a-zA-Z-]+/)?wp-login.php(.+) http://maindomain.com/wp-login. php$2 [L]` * That’s untested mind you. * And no, I don’t know a security app that handles Multisite that way. But then again, 90% of my security is on the server, not the app. * Thread Starter [mhulse](https://wordpress.org/support/users/mhulse/) * (@mhulse) * [14 years, 1 month ago](https://wordpress.org/support/topic/security-plugins-multisite-network-activate/#post-2569998) * Ah, I did not even think about rewriting the URLs to point to the main login page!!! Thanks for showing me the light, I will test your solution and let you know how it goes. * Great point about security on the server too… I will talk with the IS Dept. to make sure they are on top of things. * Thanks again!!!! You have been extremely helpful. I can’t thank you enough. 😀 * Cheers, Micky Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Security plugins & multisite: Network activate?’ is closed to new replies. ## Tags * [login](https://wordpress.org/support/topic-tag/login/) * [multisite](https://wordpress.org/support/topic-tag/multisite/) * In: [Networking WordPress](https://wordpress.org/support/forum/multisite/) * 5 replies * 3 participants * Last reply from: [mhulse](https://wordpress.org/support/users/mhulse/) * Last activity: [14 years, 1 month ago](https://wordpress.org/support/topic/security-plugins-multisite-network-activate/#post-2569998) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics