Permissions to wp-content folder in Windows Server 2012

I’ve made some tests to solve this problem: trying to update some plugins via WordPress backend I always receive a “Unable to create folder” error.

So I’ve initially added IIS_IUSRS with Read/Write/Modify permissions (not full control), but nothing changed.

Then I’ve tried to add IIS_IUSRS with full control, but I did not solve.
My final try was to add “Everyone” user and give him the Read/Write/Modify permissions. And it works!

But do you think it’s a security hole to give this permissions to Everyone user?
And what do you think could be a solution?

I’m using:
Windows Server 2012, WordPress 4.0.1, PHP 5.4.24, IIS 8.0

Solutions Collecting From Web of "Permissions to wp-content folder in Windows Server 2012"

There are actually 3 users that IIS access files with on .NET sites: IIS_IUSRS, IUSR, and NETWORK SERVICE

Grant all 3 IIS users Read & Execute, List Folder Contents, Read permissions on the entire WP folder

For file management (e.g. plugin/theme installation & updates), grant all 3 of the IIS users Full Control on the wp_content folder.

I’m not positive if you need to grant Everyone Full control access to the WordPress root folder. Likewise, you don’t need to grant IIS_IUSRS, IUSR and NETWORK SERVICE all permission to the entire WordPress root folder either.

I was able to accomplish an upgrade recently where I only gave IUSR the Modify, Read & Execute, List folder contents and Read permissions to the root folder. I then revoked them after the update.


  • Windows Server 2012 R2
  • WordPress 4.6.1
  • PHP 5.5.38


  • WordPress 3.9 upgrade fails
  • [Resolved] 500 Internal Server Error on wp-admin Dashboard