Permissions Issue

TechBoyJK

Lifer
Oct 17, 2002
16,699
60
91
I'm self-hosting WordPress sites on a virtual server. I have a Windows 2008 Server running MySQL.

I have about 5 WordPress sites running.

I can install plugins just fine, but when I try to update WordPress, I get an error. The plugins install from the WordPress admin page.

Looking at permissions, the plugins folder has the 'IUSR' account assigned full read/write permissions. However, the core WordPress folder does not.

If I add 'IUSR' as a user to the primary WordPress folder, and give it read/write, I can then update WordPress. Obviously, this is because when you log into the admin section of WordPress, you authenticate with WordPress, but from IIS's perspective you are still an anonymous user because you are hitting the server through the website. If I open up this IUSR account to read/write permissions, anybody hitting the site can potentially read/write anything in the folder and that's not good.

I don't feel comfortable giving the anonymous IUSR account access to read/write permissions. I'm OK doing it just for the upgrade, but I don't want to have to mod permissions on the account anytime I need to upgrade WordPress. I'm hoping there is an alternative user account that can be used. Or if there's a better way of doing this, because right now to upgrade, I have to give the IUSR read/write access, perform the upgrade, then remove the permissions.

Is there a different account I can assign the permissions to? IIS services website requests to anonymous users via the IUSR account.
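
An added example, not part of the original thread: a PowerShell audit that lists every folder under the site where the anonymous account holds write-type NTFS rights, so a grant left in place after an update is visible. The site path and the list of folders expected to be writable are hypothetical placeholders.

```powershell
# Added example: list folders where an account holds write-type NTFS rights.
param(
    [string]$SiteRoot = 'C:\inetpub\wwwroot\wordpress',    # hypothetical site path
    [string]$Identity = 'IUSR',
    [string[]]$ExpectedWritable = @('wp-content\plugins')  # assumed allowlist
)

# Write-type bits only. Modify/FullControl also contain read bits, so they are
# not used as the mask; any rule that includes them still matches these bits.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE and GENERIC_ALL can appear as raw values on inherit-only entries.
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

$root = (Get-Item -Path $SiteRoot).FullName.TrimEnd('\')
$dirs = @(Get-Item -Path $root) +
        @(Get-ChildItem -Path $root -Recurse | Where-Object { $_.PSIsContainer })

$findings = foreach ($dir in $dirs) {
    $rel = $dir.FullName.Substring($root.Length).TrimStart('\')
    $expected = $false
    foreach ($e in $ExpectedWritable) {
        if ($rel -eq $e -or $rel -like "$e\*") { $expected = $true }
    }
    if (-not $rel) { $rel = '.' }   # the site root itself
    foreach ($rule in (Get-Acl -Path $dir.FullName).Access) {
        $who = $rule.IdentityReference.Value
        if ($who -ne $Identity -and $who -notlike "*\$Identity") { continue }
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.FileSystemRights -band $writeMask) -eq 0) { continue }
        New-Object PSObject -Property @{
            Folder    = $rel
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
            Expected  = $expected
        }
    }
}

# Unexpected, explicit grants sort first: those are the ones to review.
$findings | Sort-Object Expected, Inherited, Folder |
    Format-Table Folder, Rights, Inherited, Expected -AutoSize
```

Rows with `Expected` false and `Inherited` false are grants set directly on a folder outside the allowlist, such as one added for an update and not removed afterwards.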
 

mikeymikec

Lifer
May 19, 2011
20,375
15,059
136
I don't know if Server 2008 calls it the same thing, I assume it does, but the user you may also need to assign permissions for is IWAM_COMPUTERNAME. That's the user that IIS apps run under typically.
 

TechBoyJK

Well, like I said, if I assign IUSR write permissions on the main folder, it works. But I don't think I want the IUSR to have write permissions full time.
 

mikeymikec

Admittedly I didn't fully read your first post, sorry. What's the security level you've got set for IIS applications?

IIRC I think if you increase the security level, it then passes off IIS app work to the IWAM user, so IUSR's privs in those folders can be reduced to read only... reading your post again, I don't think I'm hitting the nail on the head though this may help.

I can't build up a confident picture in my head of what this app's privs requirements are. You refer to the 'plugins', 'core', 'admin' and 'primary' folders. What's the folder structure actually like? And presumably WordPress has to have write privs for a public-facing folder at some point, otherwise adding/updating a blog entry might be difficult.
 