WordPress Multisite Setup For Agencies

Running dozens (or hundreds) of client sites shouldn’t feel like juggling chainsaws. If you’re repeating the same build each time, updating the same plugins across scattered installs, and chasing SSL or DNS issues per project, it’s time to consider WordPress Multisite. Done right, a multisite network lets you standardize, scale, and support client websites with far less friction, while opening doors to productized services and recurring revenue.

Table of Contents

Who Should Use Multisite And When

Ideal Agency Use Cases

Franchise or multi-location brands: Each location gets its own site (or section) with consistent branding and shared features.
Nonprofits, universities, or enterprises with departments: Central governance with site-level autonomy.
Theme-as-a-service or site-as-a-service (SaaS) offerings: Sell prepackaged site plans with gated features.
Multi-language or regional microsites: Share code and design system, localize content per site.
Agencies standardizing delivery: You want rapid provisioning with consistent QA, security, and support.

Real-world example: An agency serving fitness studios deploys a network with a master theme, location template, and centralized updates. New studio? Spin up a site in 2 minutes, map the domain, and hand it off.

When Multisite Is Not A Fit

Strong isolation or separate hosting: Clients need different servers, PHP versions, or root-level isolation.
Heavy eCommerce per site: High-traffic WooCommerce shops often deserve their own stack for performance and risk isolation.
Divergent codebases: If each client needs custom plugin stacks or different editors/builders, you’ll fight the network.
Regulatory constraints: Data residency/per-tenant encryption demands may require separate installs.
Ownership transfers: If you frequently hand off full hosting control, separate installs simplify offboarding.

Decision Checklist: Multisite vs. Separate Installs

Use Multisite if you:

Share a common design system, plugins, and workflows across most clients.
Need centralized updates, security, and reporting.
Plan to productize website plans with tiered features.
Want to template new sites and deploy fast.

Use Separate Installs if you:

Need per-site server tuning, PHP versions, or stack choices (e.g., headless vs. classic).
Expect bespoke functionality per client that diverges from the baseline.
Run mission-critical eCommerce with strict SLAs per site.
Must host in different regions or isolate data per contract.

Planning Your Network Architecture

Subdomains vs. Subdirectories vs. Mapped Domains

Subdomains (site.yournetwork.com): Requires wildcard DNS and wildcard SSL. Clean separation, easy to map custom domains later. Best for SaaS-style networks.
Subdirectories (yournetwork.com/site): Simpler DNS, but constraints apply (e.g., older installations, permalink rules). Often fine for internal/microsite setups.
Mapped domains (clientdomain.com): The most professional client experience. Core supports domain mapping since WordPress 4.5, no separate mapping plugin needed. Point DNS to your network and set the site’s Address (URL) in Network Admin.

Tip: Start with subdomains during build-out: map client domains when content is ready.

Network Roles And Permission Model

Super Admin: Full network control, limit this to your core ops team.
Site Admins: Manage their own site’s content, users (for their site), and site-level plugins/themes you allow.
Custom Roles: Use Members or User Role Editor to create roles like “Editor Plus” or “Marketing Admin.”

Guardrails:

Restrict plugin activation to trusted sets. Use Must-Use (mu-plugins) for critical code.
Enforce 2FA (via plugins like WP 2FA, miniOrange, or Wordfence’s 2FA module) for all admins.

Site Templates And Global Content Strategy

Base template: A starter theme (or block theme) with global styles, menus, and core pages.
Vertical templates: Industry-specific variants (e.g., restaurant, fitness, legal) with relevant patterns.
Global blocks/patterns: Build a library of reusable blocks (headers, footers, CTAs) shared across sites.
Multilingual: Use Multisite for regions or Polylang/TranslatePress in a single site, don’t mix without a plan.

Recommended tools:

Block themes + Patterns: Core block editor, Theme.json, and Pattern libraries.
Site cloning: WP-CLI (site create –clone_from), NS Cloner – Site Copier, or WP Migrate (subsite export/import).
Design systems: Advanced Custom Fields (ACF) + block fields, or native custom blocks for reusable components.

Hosting And Infrastructure Requirements

Server Specs, PHP/MySQL Versions, And Limits

Baseline for a healthy agency network (~20–50 brochure sites):

4+ vCPU, 8–16 GB RAM, NVMe storage.
PHP 8.2 or 8.3 with OPcache: FPM process manager tuned for concurrency.
Database: MySQL 8.0 or MariaDB 10.6+ with query cache disabled, InnoDB only.
PHP settings: memory_limit 256–512M, max_execution_time 120–300, max_input_vars 3000+, upload_max_filesize 64–256M.
Redis (6/7) for persistent object caching.

Managed hosts that support Multisite well (2025): Kinsta, WP Engine, Pressable, Pantheon, SiteGround Cloud, Cloudways, and SpinupWP (DIY but smooth). Confirm domain mapping, wildcard SSL, and Redis support before committing.

SSL, Wildcard Certificates, And DNS

Subdomains: Create a wildcard DNS record (A/AAAA or CNAME) for *.yournetwork.com. Use a wildcard SSL certificate (Let’s Encrypt via DNS-01, or a commercial certificate) on the edge.
Mapped domains: Point client A/AAAA/CNAME to your load balancer/host. Use SAN/auto SSL per domain where supported.
HSTS: Enable at the proxy/CDN once all domains are HTTPS-ready.
DNS providers: Cloudflare, DNSimple, and Route 53 make multi-domain management easier and API-driven.

Object Caching, CDN, And Media Offloading

Page caching: Nginx FastCGI cache or host-level cache: plugin accelerators like WP Rocket or LiteSpeed Cache (if on LiteSpeed).
Object cache: Redis Object Cache Pro (paid) or the free Redis Object Cache plugin.
CDN: Cloudflare (APO supports many multisite setups), Bunny CDN, or Fastly for global delivery.
Media offloading: Offload Media to S3-compatible storage (AWS S3, Cloudflare R2, Bunny Storage) with WP Offload Media. This reduces disk IO and speeds up backups.
Image optimization: ShortPixel, Optimole, or Imagify with per-site quotas and WebP/AVIF output.

Step-By-Step Multisite Installation

Preparing A Clean WordPress Install

Start from a fresh WordPress site on HTTPS with pretty permalinks enabled.
Verify PHP 8.2/8.3 and MySQL/MariaDB versions, and enable Redis if available.
Ensure you have file-level access (SFTP/SSH) and database backups. If using Nginx, have your vhost config handy.

Enabling Multisite In wp-config.php

Edit wp-config.php and add above the “/* That’s all, stop editing. */” line:

define(‘WP_ALLOW_MULTISITE’, true):
2. Log in to WordPress and go to Tools > Network Setup.
3. Choose Subdomains or Subdirectories. Set a Network Title and Admin Email.

Creating The Network And Configuring .htaccess

After submitting, WordPress will give you code snippets.
Add the provided lines to wp-config.php (e.g., define(‘MULTISITE’, true): define(‘SUBDOMAIN_INSTALL’, true/false): and COOKIE constants).
Add the rewrite rules to .htaccess (Apache). For Nginx, translate to location rules per documentation.
Log out and back in as instructed.

Verifying DNS And Domain Mapping

Subdomains: Confirm your wildcard DNS and SSL are active. Creating a new site at site.yournetwork.com should resolve.
Mapping client domains: Add an A/AAAA or CNAME record to your host. In Network Admin > Sites > Edit Site > Settings, set the Site Address (URL) to the mapped domain. Core supports mapping, no separate domain mapping plugin required in 2025.
Mixed content: After enabling HTTPS, run a search-replace for http→https (use WP-CLI search-replace with serialization support) to avoid mixed content errors.

Network Management For Agencies

Global Themes And Plugins Strategy

Fewer, better: Maintain a vetted list of network-approved plugins. Retire overlapping tools.
Block-first approach: Use a single block theme or a small set of child themes. Standardize on the block editor.
Must-Use (mu-plugins): Load shared functionality (security tweaks, SSO, admin branding) via mu-plugins so site admins can’t disable them.
Update cadence: Stage updates weekly: push network-wide only after smoke tests. Use Git + Composer to lock versions.

Recommended tools (agency-tested):

Performance: WP Rocket or LiteSpeed Cache: Redis Object Cache Pro.
Security: Wordfence, Patchstack, or Solid Security (formerly iThemes).
Forms: Fluent Forms or Gravity Forms for stability and integrations.
SEO: Yoast SEO, Rank Math, or SEOPress, pick one network-wide.

Provisioning New Client Sites At Scale

Blueprints: Keep base templates per industry. Store menus, patterns, forms, and sample content.
One-click provisioning: Use WP-CLI (wp site create), NS Cloner, or WP Ultimo if you sell site plans and need checkout + automated provisioning.
Auto-branding: Apply client name, logo, colors, and contact details via a custom onboarding wizard (mu-plugin) or tools like Branda/White Label CMS.

User Onboarding And Client Access Controls

Roles by default: Add Site Admin and Editor accounts per site: restrict plugin/theme access via network settings.
2FA + SSO: Enforce 2FA. For SSO into third-party tools (or corporate IdPs), consider miniOrange or OpenID Connect plugins.
Help-in-dashboard: Add a Help page, Loom walkthroughs, and contextual tips post-onboarding.

Centralized Settings, Branding, And Notifications

Network Settings: Default upload sizes, comment settings, and cron tuning.
Branding: Custom login screens and admin colors across the network: remove WordPress nag messages for clients.
Notifications: Route critical alerts to Slack/Teams with plugins or custom webhooks. Use WP Mail SMTP network-wide with a transactional provider (SendGrid, Postmark, SES).

Performance, Security, And Compliance

Caching Layers, Query Optimization, And Media Strategy

Edge/Page cache: Enable at server/CDN. Purge per site when content updates (hook into save_post and term changes).
Object cache: Redis with proper groups non-persistent (e.g., sessions) to avoid bloat.
Query hygiene: Audit slow queries with Query Monitor: index wp_posts (post_type/status/date), postmeta keys used in filters.
Media: Offload to S3/R2 and serve via CDN with image resizing (Bunny Optimizer, Cloudflare Images, or Optimole) for WebP/AVIF.

Rate Limiting, WAF, And Hardening

WAF: Cloudflare WAF rules or host-provided firewall. Block common exploit patterns and limit xmlrpc.php (or disable if unused).
Rate limiting: Protect login, wp-json, and heavy endpoints. Fail2ban on origin or Cloudflare rate limiting.
Hardening: Disable file editing (DISALLOW_FILE_EDIT), restrict wp-admin by IP for staff, enforce strong passwords, and keep minimal plugin count.
2FA + reCAPTCHA/Turnstile on login forms to deter brute force.

Backups, Disaster Recovery, And SLAs

Backups: Nightly full + hourly incrementals if content-heavy. Test restores quarterly. Ensure object storage for archives.
Granularity: Network-wide backups plus per-site exports for high-value clients.
RPO/RTO: Define targets (e.g., RPO ≤ 1 hour, RTO ≤ 30 minutes for premium plans). Document runbooks.
Tools: BlogVault (multisite-aware), Jetpack Backup, or host snapshots: store offsite (R2/S3) and keep 30–90 days.

Privacy, Consent, And Regional Compliance

Consent management: Complianz or CookieYes to handle GDPR/CPRA banners and records per site.
DPA and SCCs: If you process EU data, keep signed DPAs with processors and Standard Contractual Clauses where required.
Data minimization: Limit plugin data collection: document processors in privacy policies.
Regional edges: Cookie rules vary (GDPR, CPRA, PECR, LGPD). Provide template policies clients can edit: avoid legalese promises, link to counsel when needed.

Development, Migration, And Troubleshooting

Staging, Version Control, And CI/CD

Environments: Maintain dev/stage/prod. Many hosts support staging for multisite: otherwise clone to a staging subdomain.
Version control: Track themes, plugins, mu-plugins, Composer files, not the media or database.
CI/CD: Use GitHub Actions, Buddy, or DeployHQ to build on push, run PHPCS, and deploy to staging, then promote to production.
WP-CLI: Script routine tasks (provisioning, search-replace, cache purges) and keep a playbook in your repo.

Database Migrations Without Collisions

Site IDs and table sets: Each subsite has its own tables (wp_{blog_id}_…). Avoid ID collisions by exporting/importing subsite tables carefully.
Search-replace: Use WP-CLI with –recurse-objects and serialization handling. Scope with –url to target a specific site.
Tools: WP Migrate (by WP Engine) supports multisite subsite export/import and handles serialized data.

Converting Sites Into Or Out Of Multisite

Into Multisite: Create a subsite, import content via WP Migrate or core tools, reassign menus/widgets/blocks, then map the domain.
Out of Multisite: Export subsite tables and wp-uploads paths: convert to a standalone install with updated table prefixes and URLs.
Caveat: Some plugins store options network-wide: plan a mapping strategy or reconfigure post-migration.

Common Errors And How To Fix Them

404s on sub-sites: Missing rewrite rules (check .htaccess/Nginx). Re-save permalinks.
“Cookies are blocked” on login: Check domain and cookie constants in wp-config: ensure consistent HTTPS and no mixed www/non-www.
Mixed content after SSL: Run search-replace, force HTTPS at edge, and update hardcoded URLs.
Media 403/404: Verify uploads paths per site and CDN permissions: if offloading, confirm bucket ACL and signed URL settings.
Too many redirects on mapped domains: Duplicate redirects at CDN, server, and WordPress, pick one canonical layer.
Plugin not Multisite-compatible: Test on staging: if it writes to network tables unexpectedly, replace it.

Billing, Reporting, And Client Operations

Packaging Plans And Feature Tiers

Productize your services:

Starter: Brochure site, base blocks, contact form, monthly updates.
Growth: Additional landing pages, SEO tools, analytics dashboard, priority support.
Commerce: eCommerce-ready template, performance tuning, enhanced backups, SLA.

Gate features by plan: Use WP Ultimo (multisite-focused) to sell subscriptions and control access to themes/plugins, or combine WooCommerce + Subscriptions with custom logic.

Usage Tracking, Cost Allocation, And Invoicing

Track usage: Monitor storage, CDN bandwidth, visits, and API calls. Bunny/Cloudflare analytics + object storage metrics help allocate costs.
Per-site metrics: Use WP Activity Log and server logs to understand heavy sites: set thresholds for upsell prompts.
Invoicing: Stripe Billing or Paddle for global taxes: integrate with your CRM/PSA (e.g., Zoho, HubSpot) for automatic renewals and dunning.

Support, SLAs, And Maintenance SOPs

Support desk: Help Scout or Zendesk with a shared inbox. Embed a support widget in wp-admin for clients.
SLAs: Define response and resolution times by plan. Publish maintenance windows.
SOPs: Document playbooks for onboarding, plugin updates, incident response, and restores. Run quarterly fire drills.
Reporting: Send branded monthly reports (performance, uptime, security scans, updates). ManageWP Client Reports or WPMU DEV tools can help, even if your stack is multisite-centric.

Conclusion

WordPress Multisite can transform your agency from a series of one-off projects into a streamlined, scalable operation. With a smart network architecture, disciplined plugin strategy, and clear client onboarding, you’ll provision sites in minutes, push updates safely, and deliver consistent performance and security.

Next steps: spin up a staging network, define two or three industry templates, and test your full lifecycle, provisioning, domain mapping, updates, backups, and restores. When you’re ready to productize, explore recommended tools like WP Ultimo for plans, WP Rocket or LiteSpeed Cache for speed, and WP Offload Media with Cloudflare R2 for scalable storage.

Want more? Check out our curated lists of best plugins for agencies, top WordPress themes for fast builds, and recommended hosting tailored to multisite. Your future self (and your clients) will thank you.

Key Takeaways

A WordPress multisite setup for agencies standardizes builds, centralizes updates, and spins up new client sites in minutes to drive recurring revenue.
Choose Multisite when clients share a common design system and workflows, and avoid it for isolated stacks, heavy WooCommerce, divergent codebases, or strict data residency.
Plan architecture early: use subdomains during build, map client domains for launch, and manage DNS plus wildcard SSL for clean, scalable domain mapping.
Right-size hosting for 20–50 sites with PHP 8.2/8.3, 4+ vCPU, 8–16 GB RAM, Redis object caching, NVMe storage, and confirm host support for domain mapping and wildcard SSL.
Install and configure quickly by enabling Multisite in wp-config, adding the provided rewrites, verifying wildcard DNS, and using WP-CLI or cloners to template new sites.
Operate at scale with a vetted plugin/theme set, mu-plugins, 2FA and WAF, CDN + media offload, staged updates, tested backups with defined RPO/RTO, and productized plans via WP Ultimo and automated reporting.

Frequently Asked Questions

When should an agency choose WordPress Multisite vs. separate installs?

Use WordPress Multisite when most client sites share a design system, plugin stack, and workflows, and you want centralized updates, security, and rapid templated provisioning. Choose separate installs if clients require different servers or PHP versions, bespoke functionality, strict eCommerce SLAs, or regional/data isolation requirements.

Subdomains vs. subdirectories vs. mapped domains—what’s best for an agency multisite?

Subdomains suit SaaS-style networks and map cleanly to custom domains later (requires wildcard DNS/SSL). Subdirectories are simpler for internal microsites but have constraints. Mapped domains offer the most professional client experience and best branding; core supports domain mapping natively, ideal once content is ready.

What hosting specs and providers do you recommend for a WordPress Multisite network?

For 20–50 brochure sites, start with 4+ vCPU, 8–16 GB RAM, NVMe storage, PHP 8.2/8.3 with OPcache, MySQL 8.0 or MariaDB 10.6+, and Redis object caching. Reliable 2025 hosts include Kinsta, WP Engine, Pressable, Pantheon, SiteGround Cloud, Cloudways, and SpinupWP—confirm wildcard SSL, mapping, and Redis support.

How do I map a client’s custom domain in WordPress Multisite?

Point the client’s A/AAAA or CNAME record to your host/load balancer. In Network Admin > Sites > Edit > Settings, set the Site Address (URL) to the custom domain. Ensure SSL is issued per domain, enable HSTS after HTTPS is stable, and fix mixed content via a search-replace to https.

Does WordPress Multisite affect SEO or indexing across sites?

Each subsite is its own site for crawling and ranking. With mapped domains, branding and SEO equity accrue per client domain. Use per-site sitemaps and Search Console properties, set canonical URLs, and avoid duplicated templates/content without localization. Proper redirects and consistent HTTPS prevent dilution and indexing issues.

How do premium plugin and theme licenses work on a multisite network?

WordPress core is GPL, but commercial vendors often license updates/support per site, per network, or per number of subsites. Network-activating may count as multiple sites. Check each vendor’s EULA, ensure multisite compatibility, and budget for developer/unlimited tiers to stay compliant while centralizing updates.