Multisite-Native Security: One Block, Network-Wide
WordPress multisite security has a structural weakness: an attacker brute-forcing one sub-site is invisible to the others. ReportedIP Hive 2.0 closes that gap by sharing one threat state across the whole network — one block locks the IP out everywhere.
This guide explains the network-only model, how cross-site attacks aggregate, and what site admins can and cannot change.
What is ReportedIP Hive?
ReportedIP Hive is a complete WordPress security plugin — 12 attack sensors, four 2FA methods, progressive blocking and opt-in community threat intelligence — fully Multisite-aware since 2.0. The full ReportedIP Hive feature set applies network-wide.
Network-only activation, one shared threat state
On Multisite the plugin is network-activated only — per-site activation is hidden by WordPress. All seven tables move to $wpdb->base_prefix, so a single decision applies network-wide: cross-site brute-force attempts aggregate into one central attempts row, and one entry in the blocked table locks the IP out of every sub-site at once. A botnet hopping between sub-sites is counted as one campaign, not many isolated nuisances.
What super admins and site admins each control
Super Admins manage the network settings and are forced into 2FA setup unconditionally (the reportedip_hive_2fa_enforce_super_admins toggle defaults on). Site Admins on a sub-site get a read-only Status and Logs view plus a single 2FA Site Settings page with exactly two writable overrides: the per-site Frontend-2FA slug, and additive enforcement roles — a site admin can add a role to 2FA enforcement but cannot drop one the network requires.
The trusted-device cookie widens to SITECOOKIEPATH, so a single “trust this device” decision carries across the whole network. Cron is scheduled only on the main site (guarded by is_main_site()) to avoid duplicate runs per sub-site.
Migration is transparent
A single-site install upgrading to 2.0 auto-migrates on the first admin visit — the only schema change is an ALTER TABLE … ADD COLUMN blog_id with default 1, no data movement. Dedicated Schema, Migration_Manager and Option_Routing service classes mediate every Multisite-relevant access, and the change is covered by 435 single-site plus 19 Multisite PHPUnit tests on every commit.
Plan limits for multiple domains
Network protection is free, but the managed-relay and multi-site dashboard comfort scales with the plan: 3 domains on Professional, 15 on Business, and a custom limit on Enterprise. The local firewall, sensors and 2FA work network-wide regardless of plan.
Related guides
- Local Shield vs. Community Network across a network
- The progressive block ladder, applied network-wide
- The setup wizard and dashboard on Multisite
The WordPress plugin documentation covers network configuration. Browse the full ReportedIP Hive plugin guides, or read the routing layer on GitHub.