[wp-trac] [WordPress Trac] #15467: Multisite with separate users table

WordPress Trac noreply at wordpress.org
Sat Mar 2 16:55:21 UTC 2024 

#15467: Multisite with separate users table
---------------------------------------+------------------------
 Reporter:  fale                       |       Owner:  (none)
     Type:  feature request            |      Status:  reopened
 Priority:  normal                     |   Milestone:
Component:  Networks and Sites         |     Version:  3.0.1
 Severity:  normal                     |  Resolution:
 Keywords:  needs-codex needs-testing  |     Focuses:  multisite
---------------------------------------+------------------------
Changes (by CodeBard):

 * status:  closed => reopened
 * resolution:  wontfix =>


Comment:

 I think privacy and data protection regulation is an argument against
 implementing this feature. If you're managing multiple separate client
 sites on one multisite installation of WordPress, with one database that
 shares some tables (eg. wp_blogs) but not others, then you're setting
 yourself up for data protection concerns and maintenance overhead that
 will not be solved by using separate users tables

 Thats incorrect. The law requires separate sites do not share the same
 info. It does not say anything about using the same database. If it did,
 almost entire world of website SaaS would be in upheaval. Such
 requirement exists only in certain legislative zones, only for certain
 applications, and even at that, for compliance - not as a requirement.
 (ie, Brazil privacy las require legal sites not share a database for
 compliance)

   Privacy and data protection regulations that apply to a site where users
 are contained within one table will still apply to a site where users are
 contained within multiple tables in the same database.

 This is a null argument. The legal requirement is that the sites not be
 able to access each other's data. It doesnt have any problem with using
 the same database.

   The WordPress and hosting ecosystem is quite different to how it was
 back in 2010 when multisite was merged into WordPress and when this ticket
 was opened, as are privacy and data protection regulations. Storage space
 is cheap and tools such as WP-CLI and services such as ManageWP allow
 multiple sites to be managed with greater ease.

 Well, this feels out of touch with the realities of the world that the
 users live in. Not only a lot of users host multiple sites in multisite
 installations instead of having to manage multiple hosting accounts and
 sites, but also a lot of agencies have gone the way of using multisite to
 easily host, maintain and update the websites of their clients. These
 users span from small businesses to universities to nonprofits as
 multisite still remains the best and easiest way to maintain innumerable
 similar sites than entering a scripting and command line hell. WP, like
 other open source projects that cater to the majority instead of technical
 minorities, must make things easier, not harder. And no, wp cli and
 command line are not 'easy', nor economical for the design houses that
 server individuals and small to medium businesses, leave aside the average
 user. Proposing this feels like you are looking at this from a
 programmer's window, not the users' window.

 I would like to remind you what was the recent reaction of the community
 when someone proposed deprecating multisite to put the perspective of the
 importance and the prolific-ness of multisite into perspective:

 https://wptavern.com/wordpress-multisite-is-still-a-valuable-and-often-
 necessary-tool

 https://wpowls.co/articles/its-time-to-give-wordpress-multisite-some-love/

 ...

 In addition to these, awareness of the recent Eu cyber resilience act
 seems to be quite lacking in the community: The new law considers those
 who 'deploy software for profit' responsible with the security issues of
 those software with fines ranging from 10% of annual revenue to 10 million
 Euros. The vague wording of this law looks like it will put everyone from
 small agencies and web hosts to actual users who use wp for their business
 as the end user as legally responsible for the software that they use,
 which means that deploying less things and offloading the responsibility
 to other services by not entering any of the software & management angle
 of hosting. This means that using multisite for multiple sites with
 everything else offloaded to host would likely be safest - much better to
 deploy multisite for a dozen or hundred sites and be responsible with its
 security vulnerabilities than take on the management of hosting accounts,
 leaving aside hosting software or command line and increase the surface
 area for responsibility and risk.

 I will reopen this as this is important to a lot of us in the community.
 Maybe someone who looks at things from a users' perspective can take a
 look at this.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/15467#comment:39>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list