How to Fix WordPress Multisite User Redirection and Access Issues

Managing a WordPress Multisite network can be complex, and a common point of confusion involves user redirection and access. Users logging into a subsite might be incorrectly redirected, see confusing warning messages, or be forced to log in multiple times when custom domains are involved. This guide explains why these issues occur and provides practical solutions based on community knowledge.

Common Symptoms and Why They Happen

Users often report the following problems within a Multisite network:

• A subsite user who logs in from the main site's login page (mainsite.com/wp-login.php) is correctly sent to their subsite dashboard (mainsite.com/subsite/wp-admin). However, if that same user later visits the main site's login page again, they are met with a WordPress warning page stating they do not have access.
• When a subsite uses a top-level custom domain (e.g., customdomain.com), a user logging in from the main network site (example.com/wp-admin) is redirected to customdomain.com/wp-admin but is prompted to log in again, even though they appear logged in on the main site.
• Non-super admin users who try to access the main site's dashboard (example.com/wp-admin) see a message listing their accessible sites instead of being automatically redirected to their primary dashboard.

These issues are not bugs but are inherent behaviors of the WordPress Multisite architecture:

1. Centralized User Management: All users exist network-wide in a single database table. A user account is not exclusive to one subsite; it exists across the entire network, though its roles and capabilities are per-site.
2. Domain-Specific Authentication Cookies: A login cookie for example.com is not valid for customdomain.com. This is a standard browser security feature to prevent cross-site tracking, which is why users must log in again for each distinct domain.
3. Designed Security Message: The warning message a user sees when trying to access a dashboard for a site they don't have privileges on is a default security feature, not an error. It is designed to inform the user and provide them with links to their actual sites.

Potential Solutions and Workarounds

1. Automatically Redirecting Users Away from the Warning Message

Instead of showing users the "no privileges" warning, you can automatically redirect them to the dashboard of their primary or first available site. This requires adding a custom code snippet to your theme's functions.php file or a custom plugin.

add_action( 'admin_init', 'redirect_non_admin_users' );
function redirect_non_admin_users() {
    // Check if the current user is not a super admin and is trying to access the admin
    if ( ! current_user_can( 'manage_network' ) && is_admin() ) {
        // Get the user's available blogs
        $user_blogs = get_blogs_of_user( get_current_user_id() );
        if ( ! empty( $user_blogs ) ) {
            // Redirect to the first site's dashboard in the user's list
            $first_blog = array_values( $user_blogs )[0];
            wp_redirect( get_admin_url( $first_blog->userblog_id ) );
            exit;
        }
    }
}

Important: Always test code on a staging site before deploying it to your live network. Incorrect code can break your site.

2. Customizing the Warning Message Text

If you prefer to keep the warning page but want to change its text, you can use a translation plugin like Loco Translate. The text is contained in WordPress's language files (.pot), and the plugin allows you to find and overwrite the specific string for your site.

3. The Cross-Domain Login Challenge

The issue of users needing to log in separately for each custom domain is a fundamental web security constraint. A login cookie for one domain cannot be shared with another. While technically complex solutions involving third-party cookies exist, they are often blocked by modern browsers and are not recommended.

The most straightforward solution is to ensure users always log in directly from their subsite's specific login URL (e.g., customdomain.com/wp-login.php). You can facilitate this by providing clear login links on your main site that point directly to the subsite's login page instead of the network login.

Conclusion

User redirection in WordPress Multisite is governed by the platform's centralized design and standard web security protocols. While the default behavior can sometimes be confusing for end-users, it is generally working as intended. The most effective approach is to use custom code for automatic redirection or to educate users on the correct login procedures for their specific subsite domains.