Categories
josephscott

WordPress File Uploads With IIS

I didn’t have any problems getting WordPress to work on Windows Vista, IIS7 and PHP 5 (ISAPI). That is, until I tried to upload an image. After hunting around and gathering tips and ideas from others here is what I had to do:

  1. Edit upload_tmp_dir option in php.ini. In my case I created an uploads folder in the wwwroot: upload_tmp_dir = “c:inetpubwwwrootuploads”
  2. Create the c:inetpubwwwrootuploads folder and grant the IUSR full control of it
  3. Create the uploads folder in your wp-content folder, for me this was in c:inetpubwwwrootwordpress-trunkwp-contentsuploads, then grant the IUSR full control of it
  4. Restart the IIS service (to pick up the php.ini change)

After that I was able to upload files in WordPress running under Vista and IIS7. I haven’t tried to fine tune the permissions issue, it is possible that this can be done without having to grant full control of those folders to the IUSR account.

26 replies on “WordPress File Uploads With IIS”

Actually, you should be happy that the IIS worker process does not have the right to write to your application’s directory by default 🙂

This is one of the key defense-in-depth protection measures against website defacement via application-specific exploits that may exist in your application code.

Joseph, if you are feeling adventurous, you can try running WordPress using the latest FastCGI technical preview, which will be the recommended way to run FastCGI on Windows Vista SP1 and Windows Server 2003. You can learn more about this here: http://mvolo.com/blogs/serverside/archive/2007/05/29/The-latest-on-the-FastCGI-project-and-PHP-support-on-IIS.aspx

If you are interested in trying it out on Windows Server 2003 Beta3 (free download), FastCGI is built-in there. I recently set WordPress up on it: http://mvolo.com/blogs/serverside/archive/2007/08/12/IIS-Authentication-plugin-for-the-Wordpress-PHP-blogging-engine.aspx

Thanks,

Mike

@Mike-

Oh, I wasn’t complaining about the permission issue, just noting it for others who might have run into the same problem.

Thanks for the links on FastCGI with IIS and PHP, I might try that out later. My IIS with PHP setup is only for WordPress development, nothing production wise. For those needing better performance though I could see that being very handy.

Now if only I could figure out why I get the occasional error about IIS worker threads dying I’d have less interruptions 🙂

Scott,

What is the thread death error you mention – are you getting this on IIS7 when using the PHP ISAPI? If you post more information on this, I may be able to help you out or direct you to Zend for more help.

Thanks,

Mike

I followed your instructions and WP will let me upload pictures just fine. The problem I have is that once the picture has been uploaded it won’t display for some reason even thought IUSR has full control over that content folder. What I find out is that the permission are not propagating to the file level until I manually tell it to propagate each time I upload a photo. Has anyone had any problems like this?

My Setup:

Windows 2008 Enterprise w/ IIS 7 w/ FastCGI
WordPress 2.5.1
Latest MySQL
Latest PHP 5

@Anthony,

I have exactly the same problem with images being unviewable after upload due to failure to propagae permissions to the year/month folders WordPress creates to store the uploaded images.

Did you ever find a solution?

Thanks?

Hi – its ‘stumble upon’ a thread time for me.

My 2.6 installs on IIS6 ‘seem’ to be doing OK with the creation of yearly, monthly subdirectories/folders. I did some looking and at the NTFS level the owner of each of those folders is our old friend IUSR, the Internet Guest Account who had inherited Modify rights from the folder I originally installed each instance of WordPress into. In Permissions, Security, Advanced – Allow Inheritance is ticked. I added Modify to the default Read, Write when I created each root container/folder.

In IIS, I gave the root of each instance Read, Write, Scripts only Execution.

If anyone sees flags ther give me a holler, LOL

I hope this info is useful to someone…

🙂

JonB,
After your settings, when you uploaded a file, what were the propogated permissions in the e.g. uploads/2008/10/file.txt ? Was IUSR the owner of that file?

Thanks!

Hi DevN

Just to make sure you know – I’m running Windows Server 2003/Internet Information Server 6

I checked on the server that hosts WordPress and that is indeed the case. (IUSR is the owner)

Internet Guest Account (MSW-02IUSR_MSW-02)

The effective rights are all EXCEPT Full Control & Take Ownership

The INHERITED NTFS Security is Modify (including Write by default) and Read & Execute.

In IIS the Directory is set to Read, Write – Execute Permissions – Scripts Only

To be honest, I run my own servers, and use these installs to support websites, so my needs may be different that one who wanted to do general WP hosting on IIS. Consequently, I haven’t done any tightening that would be necessary in a completely open environment.

I can’t put my finger on the URL, but I ran across a comment by, I believe, Mike Minasi about always using copy rather than move because on the ownership/inheritance issue when ‘moving’ things into IIS webroots. I found it when I was having wierd stuff with some forum software, now what I do is unzip stuff (structures) in a downloads folder, then copy the structure (from the root down – NOT the root) into a root on the chosen virtual server that I have set the permissions on in advance. Bingo, you get the right inheritance. You must also beware the effects of OS backups, copies made while working, fixing. etc. I haven’t fully thought through all the implications of WordPress’ meta structure, but it is surely something I AM thinking about. LOL.

The ONLY real problem I have had with WordPress is the initial install on IIS6. Probably 75-80% of the time, WP will apparently install, but you never get the screen where the newly generated admin password is given, just a blank screen. It doesn’t time out, and a refresh doesn’t work – just a blank screen that reports ‘Done’. (yeah right – Done IS the word) I’m in the process of writing up the two different scenarios that are presented to the new admin, and the shortcut fixes for both. You almost NEVER really need to re-install.

I hope this reply is helpful.

JonB <- kool geek

Thanks for the additional info Jon. I’m running it in a closed environment as well. Everything works fine except for the images uploaded via WP. lol back to the drawing board on this one.

i am not sure if it was covered but whatever you put in your upload_tmp_dir is deleted by PHP when the script ends, at least that’s how it used to be i believe, that is a bit of a temp holding ground, you’re supposed to migrate it to a permanent location after receiving the upload stream, this should be why someon’s image wasn’t showing up after upload, it didn’t really exsist after it.

this is in reference to uploading files / using $_FILES.

If you’re gonna upload, read the manual on it so you know what you’re using:
http://us3.php.net/file-upload
FROM PHP SITE:
“The file will be deleted from the temporary directory at the end of the request if it has not been moved away or renamed. ”

and from what i saw above, IUSR is being given too many rights and the user does not (and i would think should not) not own any file.

Umm – Clay

the ‘user’ never owns the file in this kind of an environment, they aren’t authenticated.

IUSR is the proxy for the client. It represents the Anonymous Access view/filter of files and folders present in an IIS website. I hope this helps.

Joe this looks pretty good for people hosting their WP on their own servers. I have a shared hosting account with a company and can’t access the services you mention.

Does anyone have a way to get uploads working in a shared hosting environment?

@Christian

Based on my experience with 5 different ASP.Net shared hosting companies, I sort of doubt that you will be able to get this to work. Your only choice might be a VPS or dedicated server. I have a BlogEngine.Net blog that works with IIS, but am considering using WordPress for a second blog. I will very likely choose a Linux plan for it.

This is at least peripherally related to two issues I am seeing.

I am having troubles where my image uploader is not giving any option but full size for image uploads. I am fairly certain this is not a permissions issue since I am able to upload the images and further I am able to select tn views using the edit feature after the image is uploaded:

http://wordpress.org/support/topic/231020

Also, I am not able to auto-update plugins due to a permissions issue of some sort:

http://wordpress.org/support/topic/187786

I wonder if you might be able to offer any insight into the matter? It’s tough to find other Windows/WP administrators out there.

(Feel free to write to me and we can take this off-line if that’s better for you.)

Hi James –

I will have some answers for you tomorrow on both your issues I think. At least things you will be able to check. I’m mostly a cross platform server geek. I will ‘probably’ post the info on your WordPress threads.

Right now I’m in the midst of installs & way too many checklists.

/me feels like a party-crasher, LOL

Ok, this post helped, thanks, but I still had an issue when windows would not put the proper permissions on the file after WordPress would copy it from the tmp folder to the uploads directory. The end result was a file uploaded but not viewable.

What solved my issue is uncommenting the following line in php.ini : “fastcgi.impersonate = 1;”. This will allow IIS to copy the permissions properly.

Don’t forget to recyle the application pool in iis manager to reload the re-edited php.ini.

I also had to adjust the following in the php.ini then it worked
upload_max_filesize = 128M
Default was 2M

Leave a Reply

Your email address will not be published. Required fields are marked *