I wanted to have two separate WordPress installs and have both utilize the same user database. I also wanted both sites to share the same login cookies so that they wouldn’t have to login to each site.
I found many examples of sharing the users, but the examples for sharing the cookies/user sessions were not working for me. Most of these examples were a few years old, and were missing a key step which was likely added by WordPress security enhancements (At the time of this post I’m running WordPress 4.7.2).
Be aware that you must edit each install’s wp-config.php file, so please make a backup of each before modifying it! In this example, site A is a top level domain (example.com), and site B is a subdomain (portal.example.com). In this example site B points to site A’s user tables.
Requirements:
- Site A’s & Site B’s user tables must be in the same database.
- Site A & Site B must share the same top level domain (Subdomains are fine).
Site A’s wp-config.php (example.com):
Insert the following code near the bottom of site A’s wp-config.php file, right before “/* That’s all, stop editing! Happy blogging. */” insert the following:
1 2 | define( 'COOKIE_DOMAIN', '.example.com' ); //Replace ".example.com" with your top level domain. define( 'COOKIEHASH', md5( 'https://www.example.com' ) ); //Replace "https://www.example.com" with your site's URL. |
Replace the cookie domain string and the cookie hash string with your top level domain. Doing this will allow the cookies to be used in all subdomains/subdirectories. This is the only change to site A’s config.
Site B’s wp-config.php (portal.example.com):
Copy this information from site A to site B (I replaced the strings that were shown in mine with 0s):
1 2 3 4 5 6 7 8 | define('AUTH_KEY', '0000'); define('SECURE_AUTH_KEY', '0000'); define('LOGGED_IN_KEY', '0000'); define('NONCE_KEY', '0000'); define('AUTH_SALT', '0000'); define('SECURE_AUTH_SALT', '0000'); define('LOGGED_IN_SALT', '0000'); define('NONCE_SALT', '0000'); |
This was the missing step! If the two wp-config.php files have different values, then the users will need to log in twice… And it actually clears the cookie of the first site you logged into. I haven’t made changes line by line, so I’m not sure if there is one line in particular that would do the trick. It might rely on one value being shared, a few, or all of them. I’m not sure.
Again, near the the bottom of site B’s wp-config.php file, right before “/* That’s all, stop editing! Happy blogging. */” insert the following code:
1 2 3 4 5 | define( 'COOKIE_DOMAIN', '.example.com' ); //Should be the same as site A. define( 'COOKIEHASH', md5( 'https://www.example.com' ) ); //Should be the same as site A. define( 'CUSTOM_USER_TABLE', 'wp_users' ); //Replace this with site A's user database. define( 'CUSTOM_USER_META_TABLE', 'wp_usermeta' ); //Replace this with site A's user meta database. |
Notice that in addition to the cookie, we defined a custom user and user meta table. I won’t go into the details of that here as there are other blogs which you can reference.
Summary
- Site A & Site B must share the same cookie settings.
- Site A & Site B must share the same salts and keys settings.
- One of the sites must point to the other’s user/usermeta database.
I hope that this helps!
Hello there! I know this is kind of off topic but I was wondering if you knew where I could get a captcha plugin for my comment form? I’m using the same blog platform as yours and I’m having trouble finding one? Thanks a lot!
Hello! I’d recommend taking a look at Google Captcha (reCAPTCHA) by BestWebSoft. If you’d like to see more options, here is an article that mentions a few. Hope that helps!