How to Fix a Common WordPress Update Error in IIS

Published on
5,618 Points
1 Endorsement
Last Modified:
William Fulks
...all I can say is that my life is pretty plain. I like watchin' the puddles gather rain...
If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
WordPress is a powerful blogging system that serves as the backbone for countless websites and gives the user quite a bit of freedom to customize the look of the site without disrupting the operation. At my work, we installed it on our Windows Server web host. Everything was working great until I got a notification that a newer version of WordPress was available, but it would not update.

The screen capture below shows the error I kept getting:

I tried opening update-core.php to see if anything looked incorrect, but it was a huge file loaded with options and it looked like any modifications might break something else, so I left it alone. The key thing that stood out here is the mention of "inconsistent file permissions" and that's when I made some changes that allowed WordPress to update itself without me having to manually do it, which is an option but a tedious one.

Here's the fix:
  1. On your server, open up IIS manager then click on Application Pools
  2. Right-click on the one for WordPress, then click Advanced Settings
  3. Under Process Model, change the Identity to LocalSystem and click OK
  4. Click the + to expand Sites and then locate the folder used for WordPress
  5. Right-click on the WordPress folder name, then click Edit Permissions
  6. Click the Security tab then click the Edit button
  7. Click the Add button and type "Authenticated Users" and click OK
  8. Verify that Authenticated Users is now showing under the Group or user names list
  9. Click OK two more times to close those windows
  10. Try running the WordPress update again and it should work

What this minor change does is grant the application permission to modify files inside that folder by having it run as LocalSystem, which falls under Authenticated Users. It still keeps your site secure without leaving any gaping security holes, but always remember to use strong passwords on your WordPress site, as many spambots and hackers tend to look for WordPress sites for leaving spam comments and more.
1 Comment
LVL 17

Expert Comment

Please make sure IIS_USRS having the Full Control to your Wordpress folder recursively.


Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Join & Write a Comment

The purpose of this video is to demonstrate how to Import and export files in WordPress. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Click on Too…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month