DigitalOcean Kubernetes: new control plane is faster and free, enable HA for 99.95% uptime SLA

Question

WordPress Multisite and Wildcard DNS Issue

I have successfully setup a subdomain WordPress multisite. I have a few concerns that I am not sure and I want to solve it ASAP.

  1. Since I want to use subdomain multisite, I need to allow wildcard in my DNS. I am using Cloudflare to manage all my domains. So, I put * to my A record. However, in Cloudflare wildcard DNS will not have proxy protection from Cloudflare unless you are an enterprise customer. It means now, the IP for all new sites in my multisite network can be exposed, right? Isn’t that dangerous? Isn’t it will expose to DDOS attack? How to protect this IP address?

  2. I enable the domain mapping in the multisite, so people can use their own domain for their site. To map a domain, they need to add CNAME record to my multisite URL or add A record the multisite IP address. Is there a way that I can use alternate or floating IP address, so the real IP of the multisite server will never be exposed?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Sign up now

jarlandApril 10, 2019

Greetings!

Great questions. Let me see if I can take a swing at them:

  1. This is true, it does expose you and make it more difficult to dance around DDOS attacks. You have to decide if that is a risk that you’re willing to take, or how far you’re willing to go to avoid it. There is a point at which it is cheaper to assume the risk than to protect against it, and only you know where you sit on that line. It’s hard to use a CDN proxy like CloudFlare for something like that though, because the IPs are shared and traffic is routed by hostname. So when the hostname comes in as the client’s site and not yours, their proxy doesn’t know where to route it. Multisite makes a situation like that much more complicated. It works best with a dedicated IP, which isn’t something a CDN tends to give away without a high cost associated.

  2. A floating IP should work fine without extra configuration. I can’t think of a reason this would add any significant complexity.

Jarland

Try DigitalOcean for free

Click below to sign up and get $100 of credit to try our products over 60 days!

Sign up