IIS Security & Permissions

  • OK,

    I’ve tried to solve this query several times before, but never really got anywhere. I’m in the process of swapping over to a Win 2012 IIS 8 server & the question has popped up again & I’d love to resolve it, so here goes:

    Unless I give IUSR write permission to the content & includes folders, then I cannot upload stuff or install plugins, ditto the entire site directory in wwwroot when I come to upgrading the site.

    I usually end up just giving iusr write access to the entire site as it saves any problems for customers who are trying to administer their sites.

    I run regular backups (once per day) so have some disaster recovery in place, but I’ve never worked out whether or not this is 100% secure. I don’t want a client to have to ring up each time they want to upgrade their site, but similarly I wanted to check that this is the correct way to go about doing things?

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hi Tom, did you ever gather any more information on this issue?

    Thread Starter thomcooper

    (@thomcooper)

    No, although from what I understand it is only a security hole if someone wishing to be malicious knows a WP username & password.

    Hi Tom,
    I have been looking for a clear answer to your exact question. Thank you for posting it. Do you have any further information on the consequences of providing write access to IUSR?
    Thanks,
    Mike

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘IIS Security & Permissions’ is closed to new replies.