How to Fix a Common WordPress Update Error in IIS

William FulksIT Services Analyst
...all I can say is that my life is pretty plain. I like watchin' the puddles gather rain...
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
WordPress is a powerful blogging system that serves as the backbone for countless websites and gives the user quite a bit of freedom to customize the look of the site without disrupting the operation. At my work, we installed it on our Windows Server web host. Everything was working great until I got a notification that a newer version of WordPress was available, but it would not update.

The screen capture below shows the error I kept getting:

I tried opening update-core.php to see if anything looked incorrect, but it was a huge file loaded with options and it looked like any modifications might break something else, so I left it alone. The key thing that stood out here is the mention of "inconsistent file permissions" and that's when I made some changes that allowed WordPress to update itself without me having to manually do it, which is an option but a tedious one.

Here's the fix:
  1. On your server, open up IIS manager then click on Application Pools
  2. Right-click on the one for WordPress, then click Advanced Settings
  3. Under Process Model, change the Identity to LocalSystem and click OK
  4. Click the + to expand Sites and then locate the folder used for WordPress
  5. Right-click on the WordPress folder name, then click Edit Permissions
  6. Click the Security tab then click the Edit button
  7. Click the Add button and type "Authenticated Users" and click OK
  8. Verify that Authenticated Users is now showing under the Group or user names list
  9. Click OK two more times to close those windows
  10. Try running the WordPress update again and it should work

What this minor change does is grant the application permission to modify files inside that folder by having it run as LocalSystem, which falls under Authenticated Users. It still keeps your site secure without leaving any gaping security holes, but always remember to use strong passwords on your WordPress site, as many spambots and hackers tend to look for WordPress sites for leaving spam comments and more.
William FulksIT Services Analyst
...all I can say is that my life is pretty plain. I like watchin' the puddles gather rain...

Comments (1)

kadadi_vIT  Manger

Please make sure IIS_USRS having the Full Control to your Wordpress folder recursively.


Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.

Get access with a 7-day free trial.
You Belong in the World's Smartest IT Community