• One installation of WordPress to make future upgrades easy
• Run multiple distinct and completely unique sites from that single installation
• Each site is configured as its own virtual host within Apache
• Each site has a unique design, theme, database, users, etc.
• There should be zero changes to the code file included with WordPress.
• Future version upgrades should be as easy as uploading the newest files.
• Separate ‘wp-config.php’ configuration file for each blog/site.
• Everything about each blog/site is under one directory that I can provide different users access to via FTP.

Installing Wordpress

First things first, I downloaded the latest version of WordPress, unzipped it and uploaded it via FTP to my server. I chose to to upload it to “/var/www/.wordpress” and gave it the appropriate permissions.

Open ‘wp-config.php’ (create it if it doesn’t exist) and insert the following into it:

<?php require('local/wp-config.php'); ?>

That’s it. Your single installation is now ready to serve multiple sites.

Setup a new blog

Now comes the fun part. Create the folder you’ll see running the new blog under. For this example, I’ll use ‘/var/www/example.com’. This is the folder that will serve as the root folder for the virtual host under Apache.

Under the newly created folder, create an ‘.htaccess’ file and insert the following line into it:

php_value include_path ".:/var/www/example.com/local/:/var/www/example.com/"

Now create a new folder called “local”. Within that folder, put the ‘wp-config.php’ file that you would normally use with WordPress.

<?php
define('DB_NAME', 'wp_example');
define('DB_USER', 'example');
define('DB_PASSWORD', 'password');
define('DB_HOST', 'localhost');
prefix $table_prefix  = 'wp_';
define('WPLANG', '');
define('ABSPATH', '/var/www/example.com/');
require_once(ABSPATH.'wp-settings.php');
?>

There is one key change you need to make. Edit the second to last line and define the ‘ABSPATH’ variable to be an absolute path to the root of this site.

Now, drop back into the root folder of the site. Create a file called ‘wp-config.php’ and put the following line in it:

<?php require('local/wp-config.php'); ?>

So now your file structure should look like this so far:

/www/var/example.com/.htaccess
/www/var/example.com/wp-config.php
/www/var/example.com/local/wp-config.php

We’re almost there. Now create symbolic links to all the actual WordPress files/folders except for the ‘wp-content’ folder.

index.php -> /var/www/.wordpress/index.php
wp-admin -> /var/www/.wordpress/wp-admin/
wp-atom.php -> /var/www/.wordpress/wp-atom.php
wp-blog-header.php -> /var/www/.wordpress/wp-blog-header.php
wp-comments-post.php -> /var/www/.wordpress/wp-comments-post.php
wp-commentsrss2.php -> /var/www/.wordpress/wp-commentsrss2.php
wp-cron.php -> /var/www/.wordpress/wp-cron.php
wp-feed.php -> /var/www/.wordpress/wp-feed.php
wp-includes -> /var/www/.wordpress/wp-includes/
wp-links-opml.php -> /var/www/.wordpress/wp-links-opml.php
wp-login.php -> /var/www/.wordpress/wp-login.php
wp-mail.php -> /var/www/.wordpress/wp-mail.php
wp-pass.php -> /var/www/.wordpress/wp-pass.php
wp-rdf.php -> /var/www/.wordpress/wp-rdf.php
wp-register.php -> /var/www/.wordpress/wp-register.php
wp-rss.php -> /var/www/.wordpress/wp-rss.php
wp-rss2.php -> /var/www/.wordpress/wp-rss2.php
wp-settings.php -> /var/www/.wordpress/wp-settings.php
wp-trackback.php -> /var/www/.wordpress/wp-trackback.php
xmlrpc.php -> /var/www/.wordpress/xmlrpc.php

I didn’t want to make symbolic link to the ‘wp-content’ folder because I wanted to be able to edit the themes individually for each site. To get that working, create a folder called ‘wp-content’ in your site (‘/var/www/example.com/wp-content’). Under ‘wp-content’, create a ‘themes’ folder and then make the following symbolic links:

/var/www/example.com/wp-content/index.php -> /var/www/.wordpress/wp-content/index.php
/var/www/example.com/wp-content/plugins -> /var/www/.wordpress/wp-content/plugins/
/var/www/example.com/wp-content/themes/default -> /var/www/.wordpress/wp-content/themes/default

The last symbolic link will make the default theme available to you until you upload a new one.

Everything is go!

Proceed with your WordPress installation like normal (database setup, login into admin area, etc).

Plugins

The ‘plugins’ folder has a central location under ‘/var/www/.wordpress/wp-content/plugins’. Upload your plugins there and all your blog can benefit from them. Each blog can enabled to use only the plugins you want to use.

Future versions

When future WordPress versions are released, just upload them to the ‘.wordpress’ folder and you’ve updated all your blogs at once! With each new version, take a quick look at the files included incase they’ve added some new files which you’ll need to create symbolic links for.

Caveats

Unfortunately my method requires some command-like access via a terminal/SSH and this method cannot be used with most shared hosting providers. Perhaps someone can build a small script that builds the symbolic links?

Some directives in the ‘.htaccess’ may not work unless you define ‘AllowOverrides All’ in the Apache virtual host configuration.

How it works

Symbolic links can cause problems when using the include() or require() functions within PHP. The formatting of the requested file’s path can influence if the file is included from the symbolic link’s folder or the original folder that the site is running under.

My solution to that problem is contained within the ‘.htaccess’ file. The PHP engine is configured to look for include files within a path before it the current folder is checked. This allows us to override the location of the ‘wp-config.php’ file and always grab the copy located within the ‘local’ folder on each site.

If you have any questions or issues please leave a comment below!

 This is a method I’ve used successfully to bring comment spam to screaching halt on some of my clients’ blogs.

First, rename wp-comments-post.php to something else.

Second, create a blank wp-comments-post.php file (just so that the spammers still get a 200 HTTP status code)

Third, edit the “comments” page in your template. Leave the “action” attribute pointing to the default wp-comments-post.php page. Add some Javascript to the FORM tag’s “onSubmit” method. Something like:

onsubmit="this.action='location-of-new-wp-comments-post.php'; return true;"

Anyone with Javascript enabled (nearly 100%) will be able to post comments but the spam bots (which do not parse Javascript) will not.

You can even obfuscate the Javascript code further by throwing in some random concatenation…

onsubmit="this.action='location' + '-of-new-wp-comments-post.' + 'php'; return true;"

… or setting the URL in a variable and referencing the variable instead.

 Using this technique brings comment spam to near zero. I’ve left Akismet in place to catch the small number of manual spam comments but I only see those maybe once every week, even on highly trafficked sites.

Note: I’ve not implemented this method on this site. This blog gets no comment spam since it gets very low traffic. Someday I’ll eat my own dog food.

Update 7/11/2007: The above process works beautifully to stop spam but it’s a little more complicated than an easier solution that gets 95% of the benefit. The easiest way to stop comment spam is to simply rename the wp-comments-post.php to something else and edit the <form> tag in your theme to reference to the new name. I find it easiest to just throw some random characters at the end of the name. For example, on this site, I’ve renamed it to “wp-comments-post-3m0dw12×35.php”.

The above method using the JavaScript just takes it a step further to combat those bots which actually check the HTML code for the URL the form is posting to.