Setting up a single login across WordPress and WordPress MU

By michael  |  July 20th, 2009  |  Published in Development, WordPress  |  7 Comments

We recently ran into a client who needed help getting his WordPress installation and his WordPress MU installation communicating together. They had WordPress installed in the root directory of their website, and WPMU installed in a sub-directory of the same website. Both WP installations were on the same DB.

Unfortunately I was unable to get a good copy of their MySQL tables, so I had to recreate this setup on my own. I did a little research and found out that many people have similar setups and many people have different solutions. I felt like it might be beneficial to share my experience with this.

First, I downloaded the latest WP and WPMU (2.8.1 at the time). I setup a new MySQL DB and extracted WP and WPMU into their respective directories (remember WordPress was in the root and WPMU in a sub-folder).

Something like this:

/wordpress/
/wordpress/wpmu/

After messing around for a while I determined it was easiest to install WPMU first. There was two reasons for my thinking, one of which was no necessary. First, if you were to install WordPress first, when you tried to install WPMU it would get confused because it would see the wp-config.php file below. Don’t ask me why this is, it just is. Second, I was thinking about changing the WP DB prefix (default: wp_) to something else. In WordPress you can do this during the install, in WPMU you have to edit the files to get this accomplished. This was the part that wasn’t really important, because I actually kept both using wp_ as the prefix.

Ok, WPMU is installed and working, now I installed WP. At the end of the install, it sees that there is already a wp_users table, with an Admin user in it. This caused me a little problem because I think it actually reset the password without telling me the new password. So I had to go into phpMySQL to reset the password to something I knew. Hardly a huge problem, but still it might make you think that everything is broken when you cannot log into either WP or WPMU!

Now, the goal is to be able to log into either WP or WPMU and then not have to log in again when you switch to the other. So, I needed to be able to log into WP and then go to WPMU without it asking me to log in again (and vice-versa). This is all about COOKIES! There are a bunch of people who have different solutions, but the easiest solution for me was to make sure that both the WP auth cookie and the WPMU auth cookie were identical. This is not as easy as it sounds, because MU handles cookies slightly different than WP. But ultimately, I just needed to edit wp-config.php in both WP and WPMU to get it to work perfectly.

Here are my setting changes:
define(‘COOKIE_DOMAIN’, false);
define(‘ADMIN_COOKIE_PATH’, ’/’);
define(‘COOKIEPATH’, false);
define(‘SITECOOKIEPATH’, false);
define(‘COOKIEHASH’, ‘vy48u9w38868t7t99jh8g137x221r5h1h8’);
define(‘AUTH_KEY’, ‘49uld4y46i3432ugvi346uv86uci53v5529jj5z265i987u43snbxwj3ps92u2lr’);
define(‘SECURE_AUTH_KEY’, ‘f2et8b6xck64m4j2vmqcuqxb57s3rk5edh5d19pq114ef7y67g35i6m682lr288z’);
define(‘LOGGED_IN_KEY’, ‘mywu969v3tcf2uer82vxisx8k6sq2neib5qs1qt4sx383slslb5t1xep12hbtcxs’);
define(‘NONCE_KEY’, ‘bde6j26r93lvwmgwydw7x3kp74r5299q8vxe832y7r616lf215142e5t4vc55j36’);
define(‘AUTH_SALT’, ‘3856m559klvidrx34fi574ct32r94x77bepr7638jmuw22d29883i82k76un2tm4’);
define(‘LOGGED_IN_SALT’, ‘jq4p67bv772nd73w4zm6286552x755v6293qpj5fbe34fxy894trdu77h38586n2’);
define(‘SECURE_AUTH_SALT’, ‘i9hlmd67n21j2u485645in9vu6v92itgfmja6bjfbc36gqc673svlis9u789316p’);
define(‘TEST_COOKIE’, ‘TEST_COOKIE’.COOKIEHASH);

I actually copied the AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, NONCE_KEY, AUTH_SALT, LOGGED_IN_SALT, and SECURE_AUTH_SALT from the WPMU wp-config.php file. I just copied it over the normal WP wp-config.php settings. Then I added the other lines and everything worked. It didn’t require any additional plugins or work.

I sent the instructions to the client, he followed exactly what I did here and it worked fine for him. So, if you have a similar need, I’m pretty confident this will work for you.

Responses

  1. Stephen R says:

    August 22nd, 2009 at 12:52 pm (#)

    So far it's worked like a champ with Virtual Multiblog. Still testing, but the initial run is just great. Thanks!

  2. Lew Ayotte says:

    August 22nd, 2009 at 12:56 pm (#)

    Thanks Stephen, let us know if you run into any oddities. We haven't heard anything negative from the client who needed this setup – no news is good news!

    Lew

  3. dead head concept says:

    December 6th, 2009 at 3:24 pm (#)

    Hi there

    And does it work if you have the configuration :

    /wordpress1/

    /wordpress2/

    /wordpress3/

    meaning multiple blog, multiple db… and so multiple login…

    wondering how to can have a single login in this case

    can you help me ?

    cheers

  4. Lew Ayotte says:

    December 6th, 2009 at 5:18 pm (#)

    Dead Head Concept,

    In your case, it might be best just to use WPMU. But if you have to have multiple installations of WordPress on a single domain, with the same login, then it would be pretty much the same settings that I laid out here, just multiplied over each WordPress installation.

    Lew

  5. Multiple wordpress logins under one site? says:

    February 22nd, 2010 at 10:37 am (#)

    [...] First read this; [...]

  6. alan says:

    March 22nd, 2010 at 5:28 am (#)

    anyone with success of combining cookies for two wordpress installations across two different domains?

    I supposed that is on the grey area (in terms of security) even though they reside in the same server.

    Anyway to hack the wordpress includes in eg. siteB.com to share login with siteA.com? the wp_users and wp_usermeta tables are shared and the rest of the tables are unique in the same database.

    Anyone?

  7. Lew Ayotte says:

    March 22nd, 2010 at 11:33 am (#)

    Alan,

    I'm not sure that will work at all… mainly because of browser security. Cookies are usually stored at the browser level by domain. So even if you are sharing the same HASH it will assume it is a different cookie because it is a different domain.

    But I could be wrong :).

    Lew