IIS WordPress Uploaded Files 500 Error


therI cannot believe I ran into the same problem I blogged about 3 years ago.  So I am add more symptoms and more details to the problem.  I hope it will save many people using IIS WordPress hours of troubleshooting.


  • You are running WordPress on IIS
  • You cannot even upload a file or image to WordPress Media Library
  • After you upload a file or image to WordPress Media Library, you cannot access the file via URL.  For example, http://www.xxxx.com/wp-content/uploads/2017/04/xxxx.pdf would only return a server 500 error.  Or if you have an uploaded image, you may see a broken image icon in WordPress.
  • You can across this problem after you upgrade your WordPress site to a new or different version of PHP.


This is caused by configuration of

  • IIS configuration of PHP and the NTFS permissions set on specific folders.

Quick Fix:

    1. Add {serveranme}/IIS_IUSRS with read permission to the file, or uploads folder or wp-content folder.  Obviously, if you choose wp-content, you can propagate the permission down to subfolder and files.
    2. This only fixes the uploaded files in the WordPress site.  You may still get the same problem with future uploaded files.


  1. Locate your php.ini.  For example, C:\Program Files (x86)\PHP\vX.X
  2. Always check your php.ini to see the setting value for “upload_tmp_dir”.  The default value is probably “C:\Windows\Temp”.  It is critical that you verify this.  In fact, I recommend you create a new folder and use it exclusively for PHP upload temp directory.  For example, you can create a “C:\PHP_upload_temp”
  3. Now you need to apply the appropriate permissions to 2 folders with 2 users:
  wp-content (or uploads) PHP upload temp directory (C:\PHP_upload_temp)
IUSR Modify Modify
{servername}/IIS_IUSRS Read Read
  • The above suggestions should work.  You may reduce the permission to see if it works for you.
  • NTFS uses inherited permissions.  You should use Properties/Security/Advanced to view the permissions.
  • The permissions must be set property in PHP upload temp directory first.  The uploaded file will be uploaded to that directory before it is copied to the wp-content/uploads folder.
  • If you see “Parent Object’’” under “Inherited from”, it may indicate some orphaned permission.
  • “When you upload a file, PHP sends the file to a temporary directory on the hard drive (for me it is C:\Windows\Temp) and then copies it over to it’s intended directory.  Once the file has landed in the temporary directory, it is assigned the permissions of that directory. The problem is when Windows copies that file, it keeps the temporary directory’s permissions and doesn’t inherit your web directory’s permissions.”


Again, the following 3 articles really help:




note: I don’t think creator owner plays a part in this problem.


How to Reduce Time To First Byte (TTFB) with IIS WordPress


There are many tools and many guidelines outline to help speed up web pages.  In my case, it is WordPress hosted in IIS 8.  TTFB was ~2 seconds and it took 5 seconds to load the page.

Black Hole

Optimization is like a black hole, sucking all your time while you try to score better on some benchmarks.  Common tricks include:

  • Use FastCGI
  • Use WinCache
  • Use WordPress cache plugin, such as W3 Total Cache.
  • Faster CPU, more Memory, use SSD drive


You can use many online sites (e.g. pingdom) to give you waterfall and recommendations.  They are also good to establish your performance baseline.

If you see high TTFB, then the next step is to use a browser on your web server to load the website.  Any web browser (Chrome, IE, Firefox) can give you a waterfall, if you still have a high TTFB, then you know it is something related to the web server, not due to long network distance from a test client.


For me, the following trip reduces my WordPress page:

  • Total load time from > 5 seconds to 1.2 seconds. 
  • TTFB dropped from ~2 seconds to 183 ms.

The solution is to disable IPv6 on Windows Server.  I simply used Microsoft’s “Fix it”



http://forums.iis.net/t/1153459.aspx (many thanks to that thread of discussion!!!)

IIS WordPress MySQL root password is Invalid


  1. You are installing WordPress via IIS Web Platform Installer
  2. On the PREREQUISITES section, it shows that MySQL is not installed, you specify a password.
  3. After WPI downloads and installs, it shows the error message “password for user account ‘root’ is not valid” on INSTALL section.
  4. You try different stronger passwords and it yields the same error.
  5. When you look at the log, you see the error: “The security settings cannot be applied.”


  1. In my case, I go to Control Panel –> Program and Features
  2. Uninstall MySQL 5.1. 
  3. Delete C:\Program Files\MySQL
  4. Delete C:\ProgramData\MySQL (WARNING: THIS WILL DELETE ALL YOUR MYSQL Database data files. Don’t do this unless you are sure).
  5. Reinstall WordPress Application via IIS Web Platform Installer.
  6. If everything is OK, you should see the following screen:



WordPress Installation on IIS with PHP. Pretty URL and Error 404 and 500

If you want to configure WordPress to use Pretty URL.  

  1. Change WordPress—>Dashboard—>Settings—>Permalinks to use “Post name” format.
  2. Make sure your IIS has “URL Rewrite” module installed.
  3. Add the following to your WordPress site’s webconfig.
<?xml version="1.0" encoding="UTF-8"?>
<rule name="WordPress Rule" stopProcessing="true">
<match url=".*" />
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
<action type="Rewrite" url="index.php?page_id={R:0}" />

Note that this is different the instructions from  http://www.iis.net/learn/extensions/url-rewrite-module/enabling-pretty-permalinks-in-wordpress.

After you do this, you may run into broken images problem. 

Quick Fix:

  1. Add IUSR and {serveranme}/IIS_IUSRS with read permission to the uploaded images.

Better Solution:

  1. Search and modify “php.ini” (e.g. C:\Program Files (x86)\PHP\vX.X)
  2. Change “upload_tmp_dir=C:\Windows\Temp” to a folder of your own folder.
  3. Add IUSR and {serveranme}/IIS_IUSRS with full control permission to the new folder.

Special thanks to Amixa Blog’s article for hitting the broken image problem right on the nail.  I could see this taking hours to resolve.