My previous article Sharing users across multiple WordPress installations explains how to prepare for our current task. In order to be able to access multiple WordPress blogs with only one login we have to have common users across those installations. This article will deal with additional requirements necessary to accomplish our goal.
WordPress authentication is cookie based which means that after successfull login the cookies identifying logged in user are created. Normally these cookies are different for different installations. How to make them identical for all shared installations will be explained later within this article. If you look into wp-config.php you'll find four defines for security keys:
- AUTH_KEY
- SECURE_AUTH_KEY
- LOGGED_IN_KEY
- NONCE_KEY
Above keys are being called Authentication Unique Keys.
Important: they have to be identical for all of our shared blogs.
There is one more key and two salts used in the process of authentication:
- SECRET_KEY
- AUTH_SALT
- LOGGED_IN_SALT
Values for these key are being generated internally by WordPress unless you define them in wp-config.php.
Important: these values should be exactly the same for all our shared blogs.
Salts are MD5 values and you can generate them here.
Now it's time to make our cookies work. All our shared blogs should reside within the same domain (either in subdomains or subdirectories). For this we will need eight additional defines in our wp-config.php:
- COOKIE_DOMAIN
- COOKIEPATH
- USER_COOKIE
- PASS_COOKIE
- AUTH_COOKIE
- SECURE_AUTH_COOKIE
- LOGGED_IN_COOKIE
- TEST_COOKIE
First two defines should be:
define('COOKIE_DOMAIN', '.yourdomain.com');
define('COOKIEPATH', '/');Please note the dot '.' in front of domain name. It is necessary for the cookies being accessible across all subdomains.
Next six values are names of the cookies being part of the process. I have generated these names using GRC "Perfect Passwords" Generator. There is another one - Secure Password Generator, suggested by Jacke H, one of our visitors.
Below - wp-config.php for one of our shared installations:
<?php
/**
* The base configurations of the WordPress.
*
* This file has the following configurations: MySQL settings, Table Prefix,
* Secret Keys, WordPress Language, and ABSPATH. You can find more information by
* visiting {@link http://codex.wordpress.org/Editing_wp-config.php Editing
* wp-config.php} Codex page. You can get the MySQL settings from your web host.
*
* This file is used by the wp-config.php creation script during the
* installation. You don't have to use the web site, you can just copy this file
* to "wp-config.php" and fill in the values.
*
* @package WordPress
*/
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'abc');
/** MySQL database username */
define('DB_USER', 'abc_admin');
/** MySQL database password */
define('DB_PASSWORD', 'password');
/** MySQL hostname */
define('DB_HOST', 'hostname');
/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');
/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
/**#@+
* Authentication Unique Keys.
*
* Change these to different unique phrases!
* You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/ WordPress.org secret-key service}
* You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
*
* @since 2.6.0
*/
// START identical for all sites
define('AUTH_KEY', 'G|O5$1/H0Qm4lb,C+G1Iu|*usXVN(VA6*HgPv-r?{;%,,/*-88$=+(<->[F.>R#_');
define('SECURE_AUTH_KEY', '4(R[s@|wv%/A}G|bT0|7+>qBT#[+knmD;m!+V5zUOb;+eX+!y.P9=$bd]B@NFJHL');
define('LOGGED_IN_KEY', '4/ENGd}Pj0|Hr/ADusLeHx(+?Q*0l!gnMBNE|!lRR jEt)}NX!i4Y{TuL?@p8xy]');
define('NONCE_KEY', '<ngHr}~(<|1@rOE]<0Z--jx+kfNl:ml[&W7-&h})}.^HTJKM04cV!*6cQGEnf[DN');
define('SECRET_KEY', '<ngHr}z(<|1@rOE]<0Z--jx+kfNl:ml[&W7-&h})}.^HTJKM04cV!*6cQGEnf[DN');
define('AUTH_SALT', 'D&6^08SNk+4seoy7LeV.S8KKBsADu_&-AC8fLyQQd*=wcbM.Z)!+4?<.|d1#rzC>');
define('LOGGED_IN_SALT', 'SqO|hthO|~ND6aF+`Y*W54z_E%Y_L,/y+`[5[4+=|F@W,/n+c|{OkX|*:-[z3TPc');
define('COOKIE_DOMAIN', '.yourdomain.com');
define('COOKIEPATH', '/');
define('USER_COOKIE', '3EC67573364C3D9A4ED82E1977D1407B');
define('PASS_COOKIE', '3157A4712DDD8777B7A86C64EC3547E6');
define('AUTH_COOKIE', 'DBC67C58653083F5313548C1593BE3FC');
define('SECURE_AUTH_COOKIE', '9330AF9D79B53117340DFC09D0C07064');
define('LOGGED_IN_COOKIE', '78876E53AC0622107F0B251492E345F2');
define('TEST_COOKIE', '84F4BA2A69803FB785FE0B9D675C9E86');
// END identical for all sites
/**#@-*/
/**
* WordPress Database Table prefix.
*
* You can have multiple installations in one database if you give each a unique
* prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'b_';
/**
* WordPress Localized Language, defaults to English.
*
* Change this to localize WordPress. A corresponding MO file for the chosen
* language must be installed to wp-content/languages. For example, install
* de.mo to wp-content/languages and set WPLANG to 'de' to enable German
* language support.
*/
define ('WPLANG', '');
define('CUSTOM_USER_TABLE', 'a_users');
define('CUSTOM_USER_META_TABLE', 'a_usermeta');
define('CUSTOM_CAPABILITIES_PREFIX', 'a_');
define('OTHER_BLOGS_PREFIXES, 'a_,c_');
/* That's all, stop editing! Happy blogging. */
/** WordPress absolute path to the Wordpress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');All done. Login to one of the shared blogs and try to access another one. You'll see that you're already logged in!
Using 2.92 and this worked brilliantly. Really a powerful capability for certain types of applications.
One of our visitors, Jacke H, suggested an alternate Secure Password Generator.