This is all old news, everything I have here is found other places, but I did run into a big bug that I had to sift through forums to find the answer to: 2.8 and above has broken image uploads. And from the forum posts its not just when running on IIS. I hadn’t run into it when I was running 2.8 on Apache, but I was also running a very old version of PHP.

The symptoms are that when trying to upload a picture into a post, the screen will show, ‘crunching’ and then, when finished, will be blank where you’d normally expect to see the uploaded image along with it’s options. If you check the server, thinking there might be a permissions issue, you will find the image that you uploaded. My solution was to downgrade back to 2.7.1.

Couple of things we’ll need:

• Windows 2008 with IIS 7 … obviously (or 2008R2 IIS 7.5)
• URL Rewrite
• PHP 5.2.11 or 5.3 Non Thread Safe
• MySQL 5.1 Community Server
• [optional] MySQL GUI Tools
• WordPress see release archive for 2.7.1 if newest version is still having problems with image upload

The focus of this post isn’t a complete end-to-end WordPress setup since many people have covered that better than I can. The primary goal is to cover issues when setting up WordPress on IIS; I found all the articles on google lacking a few steps that caused me some headaches. I’ll try to put as many steps in as I can recall, but if I gloss over standard stuff I’ll make sure to mention it and point the reader to other resources.

1. Install MySQL

This one is really easy, even if you’ve never done any db work and there is nothing specific to a Windows / IIS install than there would be on Linux / Apache. Just run the installer, and then if you don’t want to mess with the command line, install the GUI Tools.

If you want to install MySQL to somewhere besides the default, even if you specify another dir during setup, the data directory will still be left at default (c:\programdata\mysql\mysql server 5.1\data). The installer puts the server bin files in the location you specified, but not the data dir. You can change this either using GUI Tools under startup variables, or manually in my.ini. Just make sure you stop MySQL first, then copy the data dir to the new location before you restart MySQL.

Create a new schema for your wordpress install, give it a login and set the password. WordPress recommends granting all roles to the user; I’m not real happy with that but haven’t taken the time to find out exactly what roles a fully functioning WordPress install would need. At least don’t give the wordpress user the grant role.

2. Install PHP

I went back to 5.2.11 as I was troubleshooting the image upload issue, but 5.3 appeared to work correctly. 5.3 is supposedly much faster, but my install is so small I’m not going to see a difference. If using 5.3, you have to configure the timezone in the ini file or you will get errors.

If using 5.2.11 I don’t recommend using the installer, the IISFastCGI option kept toggling to Isapi. I don’t know if it was a glitch in their installer, but it was just as easy to configure IIS manually anyway.

Prepare IIS for PHP
• note: all of the tutorials I followed for PHP on IIS have you use FastCGI so that’s what I’ll use too; some mention that performance is better than Isapi, but there are also forum posts about errors using FastCGI. For a personal install, I can’t see the performance difference being that big of an issue, so it’s up to you which you prefer.
• Open Server Manager
• Under Roles – Web Server (IIS) – Role Services click Add Role Services from the right side.
• Select Application Development – CGI and finish out the wizard.

Install PHP
• Using the PHP installer: run the installer and select IISFastCGI for the server type. The installer will configure IIS for you. (5.2.11 installer kept trying to configure Isapi instead of FastCGI so I did it manually).
Using PHP zip package and configuring IIS manually: unzip the PHP package to the desired directory.
• In IIS Manager, select your server and then double click on Handler Mappings.
• On the right hand side, under Actions, click Add Module Mapping.
• Request Path: *.php; Module: FastCgiModule; Executable: Path: <path to PHP install>\php-cgi.exe; Name: PHP (or whatever you want to name it).

Configure PHP / Edit PHP ini
• Open <path to PHP install>\php.ini
• Use Find the following:
• fastcgi.impersonate, uncomment and set to 1.
• cgi.fix_pathinfo, uncomment and set to 1.
• cgi.force_redirect, uncomment, set to 1.
• open_basedir, set to your web root ( e.g. c:\inetpub ).
• PHP 5.3 will require date.timezone set. See http://us3.php.net/manual/en/timezones.php for a list of valid timezones. Can also be set in wp-config.php using date_default_timezone_set(); but that would only be for the specific site and not server-wide.
• Uncomment extension=php_mysql.dll and extension=php_gd2.dll. Note: haven’t verified if GD2 is necessary.
• most tutorials stop here, but there are a few other things to edit if you actually want file uploads (image uploads / plugin install / theme install) to work in WordPress
• upload_tmp_dir, set to any directory you like but you will need to add write permissions for the anon authentication account for your websites ( IUSR or App pool identity ).
(Optional)
• upload_max_filesize. Default is 2M, might be on the small side if you’re uploading pictures straight from the camera, video or possibly large plugins/themes. Also related, post_max_size, default 8M, needs to be increased along with upload_max_filesize.

At this point, it’s probably worth testing the PHP install with a <?php phpinfo(); ?> page.

Reminder: If you like to use short tags they’re turned off by default. Search for short_open_tag and change to On.

3. Install WordPress

Just follow WordPress’s own Install Guide. If you’ve verified PHP is working, created a schema in MySQL and tested logging on with the user you gave schema privileges to, there shouldn’t be any problems.
Reminder: If you install WordPress to a sub directory ( e.g. <site root>#92;wordpress ) then you will need to configure WordPress Address in Settings – General to be http://<site url>#92;<sub-directory> the Blog Address to http://<site url> and then copy index.php to the root. Edit the copy of index.php at the root and replace, require(‘./wp-blog-header.php’); with require(‘./<sub-dir>/wp-blog-header.php’);.

4. Configure IIS Site

• Open IIS Manager and create your site if you didn’t install WordPress under the default website. Set the directory and bindings etc.
• Decide if you’re going to use the IUSR account or the App Pool Identity for Anonymous Authentication. Site – Authentication – Anonymous Authentication – Edit.

5. Set file permissions

This is the big step that the tutorials I found on google neglected to mention. It must be so obvious to them that it goes without saying? You’ll need to set write permissions on the plugins, themes and uploads directories under wp-content for whatever account you use for anonymous authentication. I’m not particularly happy about having write permissions open to that many top level directories, and if you didn’t want to install plugins or themes via the wordpress admin console you could get away with leaving those out. But I’m always paranoid, and wordpress has always bugged me that they don’t appear to take security a little more seriously in their setup guide.

6. Permalinks

• Open the WordPress admin console, go to Settings – Permalinks.
• If you want nice permalinks, set them under Custom. Once you save the changes your site will no longer work.
• WordPress 2.8 and above is IIS aware and will attempt to save the permalink rule to web.config for you if it has write permissions to the root of the wordpress install. Unfortunately it’s not sub-directory aware so if you’ve installed wordpress to a directory under the root you’ll need to copy the web.config to the root manually.
• WordPress 2.7 you’ll need to set the permalink rule manually.
• Open IIS Manager and select your site.
• Select URL Rewrite and then Add Rules from the right hand side.
• Create a Blank rule:
• Name: whatever you’d like.
• Requested URL: Matches the pattern
• Using: Wildcards
• Pattern: *
• Conditions – Add New
1st Condition
• Condition input: {REQUEST_FILENAME}
• Check if input string: Is not a file
2nd Condition
• Condition input: {REQUEST_FILENAME}
• Check if input string: Is not a directory
• Action Type: Rewrite
• Rewrite URL: index.php

7. (optional) Hotlinking rule

Quick and dirty url rewrite rule to prevent hotlinking resources from your site.

• Open up IIS Manager again, select your site and go to URL Rewrite again.
• Add a new Blank rule.
• Name: whatever you want
• Requested URL: Matches the pattern
• Using: Regular Expressions
• Pattern: .*
• Conditions – Add New
1st Condition
• Condition input: {HTTP_REFERER}
• Check if input string: Does not match the pattern
• Pattern: ^$
2nd Condition
• Condition input: {HTTP_REFERER}
• Check if input string: Does not match the pattern
• Pattern: http://<site url>#92;.*
• You’ll need to go back and add more conditions for any other bindings you have for the site.
• Action Type: Rewrite
• Rewrite URL: <path to replacement image/resource&gt; ( e.g. /no_hotlinking.jpg )

Possible tweaks; I used a pattern of *, basically denying hotlinking of any resource. This could be tweaked with just the extensions of resources that you’re concerned with but I’m not sure why you would.

8. Conclusion

That’s it. Everything should be working perfectly including plugin install / upgrade and theme install from the admin console. Image upload on the post should work, but please keep in mind that many WordPress users, including me, have run into a problem where it stops after ‘crunching’. Hopefully they’ll have it resolved in a newer version.