Ask your WordPress questions! Pay money and get answers fast! Comodo Trusted Site Seal
Official PayPal Seal

Modify wp-signup.php WordPress


*** UPDATE ***

I think that <strong>wp-signup.php</strong> can handle what I need to do. I have managed to get this "Add New Site" registration working (with only 3 super-simple mods to the code) so it allows non-users (any visitor to the website) to register a new site (without user registration) and have the site is active immediately. And it was much simpler than I expected.

I'm pretty sure all the code needed is already in wp-signup.php (and/or site-new.php). I now need someone to .....

- rewrite some of the conditional calls (which are I've needed to change to get this working)
- modify the preg_replace to allow _underscores in sitename

* I am not modifying the core code. I have copied the wp-signup.php code into the theme as a page template.


I need an "Add a New Site" method on the frontend/homepage that allows non-users to add a site to the network.

- Allows any frontend visitors to "add a new site" to the network
- Visitors will not be users and will not be logged in
- It DOES NOT add any new users to the network (it only adds the site)
- New site needs to be active immediately
- A single form field would be ideal
- Must be a secure solution
- Must not be a core file hack

Basically I need a frontend version of the backend method "Add New Site" ["wp-admin > Network > Sites >Add New"] where new blogs are active immediately and without creating a new user (when email address already exists in DB, no user is created).

This network is a "read-only" environment (with no user publishing/editing/anything). There will only ever be 1 user (me, as Super Admin). Once the new site is added to the network (from the frontend) the theme will do some content generation. I just need to get the new blog added.

<strong>My Ideas</strong>
- I'm open to any idea that solves the problem
- wp-signup.php could be modified (as a page template)
- site-new.php basically does what I need, but conditional to logged-in users + sufficient privileges
- I have a Gravity Forms developers licence, and the User Registration add-on, but I don't know that this will help

- I want to keep things as simple as possible
- User registration will disabled
- Security is important


Answers (5)


Dbranes answers:

hi, here is a modified code from

I changed this into a shortcode so you can embed this into any page on your frontend:


The following assumes you are using multisite with subdirectories and the owner of the new sites is <em>user_id=1</em>:

add_shortcode( 'create_site', 'custom_multisite_create_site' );

function custom_multisite_create_site($atts) {
//check if multisite is enabled
if ( is_multisite() ) {

//if the form was submitted lets process it
if ( isset( $_POST['create_site'] ) ) {

//populate the variables based on form values
$domain = esc_html( $_POST['domain'] );
$path = esc_html( $_POST['path'] );
$title = esc_html( $_POST['title'] );

//verify the required values are set
if ( $domain && $path && $title ) {

//create the new site in WordPress
$new_site = wpmu_create_blog( $domain, $path, $title, 1 );

//if successfully display a message
if ( $new_site ) {
echo '<div class="updated">New site ' .$new_site. ' created successfully!</div>';

//if required values are not set display an error
} else {
echo '<div class="error">New site could not be created. Required fields are missing</div>';

<div class="wrap">
<h2>Create New Site</h2>
<form method="post">
<table class="form-table">
<tr valign="top">
<th scope="row"><label for="fname">Domain</label></th>
<td><input maxlength="45" size="25" name="domain" value="<?php echo DOMAIN_CURRENT_SITE; ?>" /></td>
<tr valign="top">
<th scope="row"><label for="fname">Path</label></th>
<td><input maxlength="45" size="10" name="path" /></td>
<tr valign="top">
<th scope="row"><label for="fname">Title</label></th>
<td><input maxlength="45" size="25" name="title" /></td>
<tr valign="top">
<input type="submit" name="create_site" value="Create Site" class="button-primary" />
} else {
echo '<p>Multisite is not enabled</p>';

TheLoneCuber comments:

Wow. This is awesome. It works, albeit with two errors. (* I am still testing on a local server, so I'm not sure if this would cause the problem?)

1 - echo DOMAIN_CURRENT_SITE; is causing an error in the Domain input (on the frontend *before* the form is submitted).
The input is actually filled with the following text ...

"<br />Notice: Use of undefined constant DOMAIN_CURRENT_SITE - assumed 'DOMAIN_CURRENT_SITE' in [local-path]/wp-content/themes/[theme-name]/functions.php on line 88<br />DOMAIN_CURRENT_SITE"

2 - But it does still register the new site. And after the new site is submitted, this is success message that is being generated also includes some reference to the error) .....

"Notice: Uninitialized string offset: 0 in /Users/life/Sites/tweet.ed/wp-includes/ms-functions.php on line 990
New site 17 created successfully!"

Dbranes comments:

ok, the constant DOMAIN_CURRENT_SITE is working on my multisite install.

You can try to replace it with your own domain string (fx. "")

Are you using subdomains or subdirectories?

ps: You can also use the action

add_action('wpmu_new_blog', 'custom_create_function');

to hook into the creation and change theme options etc.

TheLoneCuber comments:

This method <strong>works very well</strong> and is the direction and simplicity I was hoping for. However <strong>I have discovered a small problem</strong>.

The inputs <strong>allows *any* characters</strong> at all. That means site names like *#%} can be registered.

I need to filter the input. I guess that'll be preg_match? But I don't have the skills to write it in.


Arnav Joy answers:

you said thea "site-new.php " does what you want , so can we modified it?

TheLoneCuber comments:

It does what I need, but it does so via wp-admin with conditions of user roles etc. But if this method can be utilised (without hacking core files, and without creating security issues) certainly.


Spencer Tomosvary answers:

I've been working on similar projects and always keeping my eyes open for new methods. I seem to recall a plugin on wpmudev that did this fairly well and I can't seem to find it now.. I'm looking forward to seeing what answers others will have..


Kyle answers:

Gravity forms should be able to handle what you are looking for. It already has the site creation part built in to the forms, so I believe you should be able to create a from that will go through the process like normal, and then you can customize it to 'not register' the user with the hooks (

My thought though, for an even easier solution, is that you do a gravity form for new site creation, and for the required fields for the user registration part (name, username, email, password... ) you simply put those fields as 'hidden' and put in your own information as the default values. <- I'd be happy to help if you want that put in.

TheLoneCuber comments:

Easiest is best in my World @ktrusak. The Gravity Forms thought had crossed my mind, but I don't understand the complexities of site registration, and passing data is beyond me, so I wasn't sure how to do it.

- Does "hiding" the email simply display: none it? And does doing this leave that email address vulnerable and easier to find? I guess I could create an additional user account with a low-level privileges and hide-and-pass that email address via the New Site form (keeping my Super Admin's email as non-disclosed as possible).

Yes if this can work I'm interested. It's easy to embed a Gravity Form field anywhere, and a single form field is an ideal solution.

Kyle comments:

I can show you how to setup the multisite site registration form, it is very straightforward (Gravity Forms is always very user friendly). Gravity Forms will not readily display the information on the frontend inside the html, but it may still be possible to find it in the source code. What I may be able to do for your situation, is leave the fields completely blank and hidden, and then use the pre_submission_hook to fill in the entries after the user submits the form, but before the entry is processed to create the site, which is more secure.

TheLoneCuber comments:

Sounds good to me. Registering the new sites to a low-privilege user (created especially for this) with empty + hidden fields might be best then.

Do you have Gravity Forms? Can you build > export > email it and then I can Import it?

Kyle comments:

I pmed you, I can't do it myself because my current install is a single site and not a multisite


Gabriel Reguly answers:


Where one can find your changed wp-signup.php code?