WordPress Multisite and Wildcard DNS Issue

Question

I have successfully setup a subdomain WordPress multisite. I have a few concerns that I am not sure and I want to solve it ASAP.

Since I want to use subdomain multisite, I need to allow wildcard in my DNS. I am using Cloudflare to manage all my domains. So, I put * to my A record. However, in Cloudflare wildcard DNS will not have proxy protection from Cloudflare unless you are an enterprise customer. It means now, the IP for all new sites in my multisite network can be exposed, right? Isn’t that dangerous? Isn’t it will expose to DDOS attack? How to protect this IP address?
I enable the domain mapping in the multisite, so people can use their own domain for their site. To map a domain, they need to add CNAME record to my multisite URL or add A record the multisite IP address. Is there a way that I can use alternate or floating IP address, so the real IP of the multisite server will never be exposed?

Answer 1

jarland April 10, 2019

Greetings!

Great questions. Let me see if I can take a swing at them:

This is true, it does expose you and make it more difficult to dance around DDOS attacks. You have to decide if that is a risk that you’re willing to take, or how far you’re willing to go to avoid it. There is a point at which it is cheaper to assume the risk than to protect against it, and only you know where you sit on that line. It’s hard to use a CDN proxy like CloudFlare for something like that though, because the IPs are shared and traffic is routed by hostname. So when the hostname comes in as the client’s site and not yours, their proxy doesn’t know where to route it. Multisite makes a situation like that much more complicated. It works best with a dedicated IP, which isn’t something a CDN tends to give away without a high cost associated.
A floating IP should work fine without extra configuration. I can’t think of a reason this would add any significant complexity.

Jarland

Reply Report

Related