WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] Forbidden to Update, Delete and Install Plugins - IIS 7.5 (6 posts)

  1. FreelanceVPs
    Member
    Posted 3 years ago #

    I just moved some blogs over from hostgator hosting to our own web-server running IIS 7.5 and windows server 2008. All Blog run flawlessly EXCEPT I cannot add, delete or update any plugins on any of the blogs. I can however upgrade the blog version just fine after setting some permissions.

    I receive an error like this when trying to update plugins:

    Forbidden

    You don't have permission to access http://www.domain.com/blog/wp-admin/update.php?action=update-selected&plugins=akismet%2Fakismet.php&_wpnonce=9b470d1831 on this server.

    This happens on a single plugin update attempt as well as a bulk update on all update-able plugins. Oddly I get a similar error in phpmyadmin when trying to edit databases.

    I have gone as far as giving all users all permissions on these blogs to test if that's the issue and still they throw the error at me. A blog I tested on IIS 6 worked though so I don't know what needs to be modified in IIS 7.5 to make wordpress play nice.

  2. mosco
    Member
    Posted 3 years ago #

    not sure if that's exactly what's affecting you but if you are using iis's fastcgi for php with the wincache extension (which you should it's blazing fast), it has a bug in the current wincache that makes it impossible to upgrade plugins (or wordpress itself) from the wordpress admin pages. You have to do the upgrades on the server by replacing the files. If you try upgrading from the wordpress admin your plugin folders may become inaccessible (iisreset will fix this.)
    To see if you're using wincache check for extension=php_wincache.dll in your php.ini

  3. FreelanceVPs
    Member
    Posted 3 years ago #

    I do not see extension=php_wincache.dll in my php.ini, I am using fastcgi. I can upgrade wordpress versions just fine, just not plugins.

  4. What're the ownership settings on the wp-content/plugins folder?

  5. FreelanceVPs
    Member
    Posted 3 years ago #

    Administrators (AAESAN1WEB02\Administrators)

    This group has full control

  6. FreelanceVPs
    Member
    Posted 3 years ago #

    (SOLUTION!) - Read the whole string at the IIS forums here:

    http://forums.iis.net/p/1174369/1967089.aspx#1967089

    The issue was the ISAPI Rewrite Manager on our server. It had several query strings, including "select" and "sql", setup to be filtered for incoming calls to our sites. It receives the website call BEFORE it goes to IIS so any changes I had been doing for IIS had no effect. The pages giving me a forbidden message had these words in the url.

    We removed the entries for these strings:

    RewriteCond %{QUERY_STRING} select [NC]
    RewriteRule (?!403\.html).*$ - [F]

    RewriteCond %{QUERY_STRING} select%20 [NC]
    RewriteRule (?!403\.html).*$ - [F]

    RewriteCond %{QUERY_STRING} sql [NC]
    RewriteRule (?!403\.html).*$ - [F]

    and then used the request filtering, which does the same thing within IIS, to block those strings for the whole server. Then we removed those denied strings just from php sites. We now have full access and functionality of both wordpress and phpmyadmin!

Topic Closed

This topic has been closed to new replies.

About this Topic