Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Server1 <-> server2 setup? Question Question
Running a web-based video game on a droplet Question Question

Question

WordPress Multisite and Wildcard DNS Issue

Posted April 10, 2019 2.9k views
WordPressDNSLoad BalancingUbuntu 18.04

I have successfully setup a subdomain WordPress multisite. I have a few concerns that I am not sure and I want to solve it ASAP.

  1. Since I want to use subdomain multisite, I need to allow wildcard in my DNS. I am using Cloudflare to manage all my domains. So, I put * to my A record. However, in Cloudflare wildcard DNS will not have proxy protection from Cloudflare unless you are an enterprise customer. It means now, the IP for all new sites in my multisite network can be exposed, right? Isn’t that dangerous? Isn’t it will expose to DDOS attack? How to protect this IP address?

  2. I enable the domain mapping in the multisite, so people can use their own domain for their site. To map a domain, they need to add CNAME record to my multisite URL or add A record the multisite IP address. Is there a way that I can use alternate or floating IP address, so the real IP of the multisite server will never be exposed?

Add a comment
blackfriday
By:
blackfriday

Related

Join the DigitalOcean Community Community

Join 1M+ other developers and:

  • Get help and share knowledge in Q&A
  • Subscribe to topics of interest
  • Get courses & tools that help you grow as a developer or small business owner
 Join Now
Server1 <-> server2 setup? Question Question
Running a web-based video game on a droplet Question Question

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
1 answer
jarland April 10, 2019

Greetings!

Great questions. Let me see if I can take a swing at them:

  1. This is true, it does expose you and make it more difficult to dance around DDOS attacks. You have to decide if that is a risk that you’re willing to take, or how far you’re willing to go to avoid it. There is a point at which it is cheaper to assume the risk than to protect against it, and only you know where you sit on that line. It’s hard to use a CDN proxy like CloudFlare for something like that though, because the IPs are shared and traffic is routed by hostname. So when the hostname comes in as the client’s site and not yours, their proxy doesn’t know where to route it. Multisite makes a situation like that much more complicated. It works best with a dedicated IP, which isn’t something a CDN tends to give away without a high cost associated.

  2. A floating IP should work fine without extra configuration. I can’t think of a reason this would add any significant complexity.

Jarland

Reply Report

Related

Looking for something else?

Ask a new question Search for more help