WordPress.org

Forums

IIS Security & Permissions (4 posts)

  1. thomcooper
    Member
    Posted 1 year ago #

    OK,

    I've tried to solve this query several times before, but never really got anywhere. I'm in the process of swapping over to a Win 2012 IIS 8 server & the question has popped up again & I'd love to resolve it, so here goes:

    Unless I give IUSR write permission to the content & includes folders, then I cannot upload stuff or install plugins, ditto the entire site directory in wwwroot when I come to upgrading the site.

    I usually end up just giving iusr write access to the entire site as it saves any problems for customers who are trying to administer their sites.

    I run regular backups (once per day) so have some disaster recovery in place, but I've never worked out whether or not this is 100% secure. I don't want a client to have to ring up each time they want to upgrade their site, but similarly I wanted to check that this is the correct way to go about doing things?

  2. symbolscape
    Member
    Posted 1 year ago #

    Hi Tom, did you ever gather any more information on this issue?

  3. thomcooper
    Member
    Posted 1 year ago #

    No, although from what I understand it is only a security hole if someone wishing to be malicious knows a WP username & password.

  4. msalz
    Member
    Posted 1 year ago #

    Hi Tom,
    I have been looking for a clear answer to your exact question. Thank you for posting it. Do you have any further information on the consequences of providing write access to IUSR?
    Thanks,
    Mike

Topic Closed

This topic has been closed to new replies.

About this Topic