« Previous Next »

• 10-17-2009, 4:00 AM

  Dscoduc Joined on 10-17-2009, 3:43 AM Posts 3

  Locking down files and folders Reply Contact Having recently installed PHP on my Windows 2008 and installing Wordpress I came to the point where I wanted to lock down the file ACL's.  I have been trying to understand the identity that Wordpress is running under (assuming it's the AppPool identity) and also the identity that web clients are accessing with.  The problem is I can't seem to get my head around this compared to how ASP.NET and IIS 6.0/7.0 works. I guess there are two different accounts:  the app pool acount which needs mostly read-only access with limited write access to specific files and folders.  As for client access, is there a specific/different account used by clients when connecting to Wordpress or is it using the same App Pool identity?  Much appreciated.

  Tags: PHPFastCGI

• 10-17-2009, 5:30 PM

  In reply to

  don.raman Joined on 03-16-2009, 5:34 PM Posts 344	Re: Locking down files and folders Reply Contact Hi, Please refer to the below links. They explain this in great detail: http://learn.iis.net/page.aspx/140/understanding-the-built-in-user-and-group-accounts-in-iis-70/ http://blogs.iis.net/ruslany/archive/2009/02/06/how-to-secure-wordpress-admin-directory-on-iis-7-0.aspx Hope this helps. Thanks, Don.

• 10-17-2009, 6:47 PM

  In reply to

  Dscoduc Joined on 10-17-2009, 3:43 AM Posts 3

  Re: Locking down files and folders Reply Contact Thank you for the info...  The first link is interesting...  I like to see how the IIS PG spent time making it easier to manage Anonymous and AppPool identities.  The second link was borderline rubbish.  It's an interesting idea to use FBA to secure your wp-admin folder but the way this article describes the process there are serious holes and risks. My issue is I would like to limit access to the most bare necessity but can't seem to find good documentation about what rights are needed.  When you look at the Wordpress documentation it only references permissions for *nix environments and there are significant differences between the way Apache and IIS operate...

• 10-17-2009, 6:58 PM

  In reply to

  don.raman Joined on 03-16-2009, 5:34 PM Posts 344	Re: Locking down files and folders Reply Contact Look at this article http://learn.iis.net/page.aspx/583/securing-content-in-iis-through-file-system-acls/. Since you are going tun the site on Windows, I would also advise you to get familiar with Windows file system permission in general. Just search the web and you will tons of articles. Thanks, Don.

• 10-18-2009, 12:25 AM

  In reply to

  Dscoduc Joined on 10-17-2009, 3:43 AM Posts 3	Re: Locking down files and folders Reply Contact Thanks for that latest link.  It's a good read to help understand the identities.  Now I just have to figure out how that works in a WordPress environment...