Support » Fixing WordPress » Forbidden to Update, Delete and Install Plugins – IIS 7.5

  • Resolved FreelanceVPs


    I just moved some blogs over from hostgator hosting to our own web-server running IIS 7.5 and windows server 2008. All Blog run flawlessly EXCEPT I cannot add, delete or update any plugins on any of the blogs. I can however upgrade the blog version just fine after setting some permissions.

    I receive an error like this when trying to update plugins:


    You don’t have permission to access on this server.

    This happens on a single plugin update attempt as well as a bulk update on all update-able plugins. Oddly I get a similar error in phpmyadmin when trying to edit databases.

    I have gone as far as giving all users all permissions on these blogs to test if that’s the issue and still they throw the error at me. A blog I tested on IIS 6 worked though so I don’t know what needs to be modified in IIS 7.5 to make wordpress play nice.

Viewing 5 replies - 1 through 5 (of 5 total)
  • not sure if that’s exactly what’s affecting you but if you are using iis’s fastcgi for php with the wincache extension (which you should it’s blazing fast), it has a bug in the current wincache that makes it impossible to upgrade plugins (or wordpress itself) from the wordpress admin pages. You have to do the upgrades on the server by replacing the files. If you try upgrading from the wordpress admin your plugin folders may become inaccessible (iisreset will fix this.)
    To see if you’re using wincache check for extension=php_wincache.dll in your php.ini

    I do not see extension=php_wincache.dll in my php.ini, I am using fastcgi. I can upgrade wordpress versions just fine, just not plugins.

    What’re the ownership settings on the wp-content/plugins folder?

    Administrators (AAESAN1WEB02\Administrators)

    This group has full control

    (SOLUTION!) – Read the whole string at the IIS forums here:

    The issue was the ISAPI Rewrite Manager on our server. It had several query strings, including “select” and “sql”, setup to be filtered for incoming calls to our sites. It receives the website call BEFORE it goes to IIS so any changes I had been doing for IIS had no effect. The pages giving me a forbidden message had these words in the url.

    We removed the entries for these strings:

    RewriteCond %{QUERY_STRING} select [NC]
    RewriteRule (?!403\.html).*$ – [F]

    RewriteCond %{QUERY_STRING} select%20 [NC]
    RewriteRule (?!403\.html).*$ – [F]

    RewriteCond %{QUERY_STRING} sql [NC]
    RewriteRule (?!403\.html).*$ – [F]

    and then used the request filtering, which does the same thing within IIS, to block those strings for the whole server. Then we removed those denied strings just from php sites. We now have full access and functionality of both wordpress and phpmyadmin!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Forbidden to Update, Delete and Install Plugins – IIS 7.5’ is closed to new replies.