Local Professional IT Support For Your Business

Running Wordpress on IIS in a windows environment requires the permissions on the wp-content/uploads folder to be set carefully.

We have found that we do not allow the whole of wp-content to have write access, as this leads to php injection. Instead, once the theme has been uploaded, access from the internet should be limited to the uploads folder only. The uploads folder should never contain .php files. These will always be spam, and should be removed as soon as possible.

If you are getting the message 'The uploaded file could not be moved to wp-content/uploads/', the most likely cause is that  the permission has not been set correctly.

For uploading images, the permission on the uploads folder needs to be set for IUSR, this is different from IIS_IUSRS.

The IUSR account may not exist, so first add the account, then grant it “Modify” permissions.

You should also check that the windows/temp folder, or the temp folder to be used by PHP, if that is different, has read permission set for IIS_IUSRS (different from above).