• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 653
  • Last Modified:

iis security needed for image upload


I am hoping the good people of EE can get me a definitive answer, with explination, to what seems to be a common issue with using WordPress on an IIS server.  The problem is uploading images.  When a user does this the site starts requiring a Windows logon when someone attempts to view.  I understand that it's a rights issue.  Wordpress seems to create a directory on the fly and puts the image file in there.  This file (and the folder) do not have rights for the IUSR account.  I've read on other forums that the solution is to give full access to the IUSR account and the "Network" user (some forums seem to mention this).  On these forums, the person usually questions the security implications of doing this, as I do, and I have not seen any good responses to this.

Can someone tell me what other Wordpress/Windows users do about this?  And explain how the solution won't be a security risk?

1 Solution
Is there a directory where Wordpress creates these 'on the fly' directories?  If so you can simply add the IUSR account and the 'IIS_WPG' group with Read permissions and your users should be able to see the posted images without being prompted for any kind of credentials.

As long as the permissions granted are only Read there are no real security implications.

Dave Dietz
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now