fix 401.3 IIS WordPress PHP Upload

June 20, 2011

How do you fix 401.3 IIS WordPress PHP Upload ?


After uploading a file via WordPress you get prompted for username and password (due to IIS 6 and php being the backend).


On a Microsoft platform utilizing IIS, you may run into a situation where, upon moving the uploaded file, anonymous web users can’t access the content without being prompted to authenticate first…

The reason for this is, the uploaded file will inherit the permissions of the directory specified in the directive upload_tmp_dir of php.ini. If this directive isn’t set, the default of C:\Windows\Temp is used.


You can work around this by granting the IUSR_[server name] user read access to your temporary upload directory, so that after you move_uploaded_file the permissions will already be set properly.

It’s also a good idea to set the Execute Permissions of the upload directory to NOT include Executables, for security reasons.

To accomplish this:
-Open the IIS Manager
-Browse to the relevant sites directory where the uploads will be placed
-Right Click the folder and select Properties
-In the Directory tab of the resulting dialog, set the Execute permissions to be None

Content source