WP Domain Mapping | Stephen J. Butler - University of Illinois at Urbana-Champaign

Disclaimer: not all of the features we’ve added are in active use. Use with caution and test heavily! If you have a question or comment, feel free to email me.

For our implementation we’ve added some extensions to the stock WordPress Domain Mapping plugin. Our patch is hosted here: dm-v0.5.4.3-uiuc.patch. After applying, search for “XXX: UIUC” to see specific changes we’ve added that you might want to adapt to your install. Here is a summary of the things we’ve modified:

Per-Blog Enable

We wanted the ability to enable domain mapping on a per-blog basis. When this setting is enabled (by a super admin) the domain mapping does not appear on a blog’s Setting page unless a super admin has enabled it for that particular blog.

Per-Blog CNAME and IP Address

Because our Subject Alternate Name SSL certificates can only accommodate 30 subjects, we needed a way to provision a blog onto a specific IP/CNAME/SSL certificate setup. This feature lets super admins visit a blog’s domain mapping settings and specify a CNAME or IP address different than the Network configuration. By default the blog domain mapping instructions will display the Network configuration.

Admin Only Primary Domain

Allow only super admins to change a blog’s primary domain. This is for when you want users to be able to setup aliases, but still have users redirected to the network blog address. Super admins will still be able to change the primary domain of a blog.

Don’t Force SSL for Admin URL Mapping

When remapping an admin URL, handle “/wp-admin/admin-ajax.php” a little differently. Usually the “force_ssl_admin” rule takes effect, but it shouldn’t for “admin-ajax.php” because it can be called from non-admin pages. If you force SSL on this callback, the same-origin policy might be violated for AJAX callbacks.

Preserve “redirect_to” After Login

After the Shibboleth login process, preserve the “redirect_to” URL parameter to handle redirection instead of just finishing at “wp-login.php”.

Additional URL Mappings

Also map “wp-login.php” for login and logout hooks. This lets SSL work properly in cases where you are not using SAN for your mapped domains.

Hook “allowed_redirect_hosts”

Let WordPress consider a redirect to a mapped domain as safe/allowed. This is done by hooking into the “allowed_redirect_hosts” filter.