Using WordPress on IIS7

January 3, 2009 · 26 comments

I’ve been running WordPress 2.7 for a few weeks now and I have been very happy with it so far. In this post I’ll share my thought process behind running WordPress on IIS7 and the details on how I have it setup.

I setup my first blog back in 2006 running on dasBlog. I was never really happy with it, mostly because I couldn’t find a theme I liked. I wrote a few posts, then when I changed hosting providers, I never setup the permissions correctly and was unable to post. It would have been an easy fix, but it became an excuse to not blog.

When I decided to start blogging again, I wanted something that would be easy to setup, and wouldn’t take a lot of effort to maintain. Since I’m a fan of Google’s offerings, I started off using Blogger. Unfortunately, I ran into some DNS limitations and couldn’t get things setup the way I wanted. I also checked out the hosted WordPress solution, but it was even more limited then Blogger.

I decided to use WordPress as my blogging platform because there is a very active community, lots of themes available, and because you there are plugins that allow you to add whatever features you want without any coding.

Since IIS7 has decent PHP support, I decided to use a Windows plan on This will allow me to put .NET apps on my site down the road. I also have another site that I need to host that requires .NET and this keeps my hosting costs lower.

Installing WordPress 2.7 was pretty easy. I just had to create a MySQL database, upload the WordPress files and run through the setup.

Next, I had to get pretty permalinks working the way I wanted them. One way to do this would be to use Microsoft’s URL Rewrite Module. The problem is that GoDaddy doesn’t currently support the URL Rewrite Module (I’ve heard that they plan to support it soon). I ended up using the ManagedFusion Url Rewriter.

Setting Up the Managed Fusion Url Rewriter to work with WordPress

Download the ManagedFusion Url Rewriter files here.

If you don’t already have one, create a folder named “bin” at the root of your blog.

Copy ManagedFusion.Rewriter.dll and ManagedFusionRewriter.pdb into the bin folder you just created.

If you don’t have one, create a file named “web.config” in the root folder of your blog that looks like the one below, otherwise just add the info to your existing web.config.


        <validation validateintegratedmodeconfiguration="false" />
            <modules runallmanagedmodulesforallrequests="true">
                <add type="ManagedFusion.Rewriter.RewriterModule, ManagedFusion.Rewriter" name="RewriterModule" />
                <add type="System.Web.HttpForbiddenHandler, System.Web, Version=, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" name="RewriterProxyHandler" path="RewriterProxy.axd" verb="*" precondition="integratedMode" />

Create a file named “ManagedFusion.Rewriter.rules” in the root folder of your blog. This will allow you to use .htaccess syntax to handle the Url Rewrites. I set mine up to remove the www from my hostname, remove index.php from the url, and redirect urls from my old blog to the new location.


#  Managed Fusion Url Rewriter
#  Developed by: Nick Berardi
#       Support:
RewriteEngine on
# Place Rules Below
# misc WordPress rewrites
RewriteRule ^/wp-login\.php$ /wp-login.php [L]
RewriteRule ^/wp-comments-post\.php$ /wp-comments-post.php [L]
RewriteRule ^/wp-admin/(.*)$ /wp-admin/$1 [L]
# deny access to evil robots site rippers offline browsers and other nasty scum
RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]
RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]
RewriteCond %{HTTP_USER_AGENT} ^attach [OR]
RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus.*Webster [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
# remove www
RewriteCond %{HTTP_HOST} ^www\.robboek\.com$ [NC]
RewriteRule ^(.*)$$1 [R=301]
# redirect old urls
RewriteRule ^/2008/12/blog-on-hold.html$ /2008/12/12/blog-on-hold/ [R=301]
RewriteRule ^/2008/11/google-chrome-wont-start-in-vista-x64\.html$ /2008/11/16/google-chrome-wont-start-in-vista-x64/ [R=301]
RewriteRule ^/2008/11/pass-community-summit-2008-events.html$ /2008/11/14/pass-community-summit-2008-events-calendar/ [R=301]
RewriteRule ^/2008/11/fort-stevens-camping-trip.html$ /2008/11/14/fort-stevens-camping-trip/ [R=301]
RewriteRule ^/2008/10/first-post.html$ /2008/10/10/first-post/ [R=301]
RewriteRule ^/blog/CommentView,guid,1d8cba50-0814-4c89-86df-eca669973e8e.aspx$ /2006/09/29/junctions-in-windows-vista/ [R=301]
RewriteRule ^/blog/2006/09/29/JunctionsInWindowsVista.aspx$ /2006/09/29/junctions-in-windows-vista/ [R=301]
# rewrite all nonexistent files and directories to use index.php for WordPress
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /index.php$1

I also setup a custom 404 error page that will allow me to use the WordPress 404 page in my theme.


$pos = strrpos($qs, '://');
$pos = strpos($qs, '/', $pos + 4);
$_SERVER['REQUEST_URI'] = substr($qs, $pos);

Plugins I’m using

DISQUS Comment System

The main reason I’m using DISQUS is because comment notification emails weren’t working for me with the default WordPress comments. It does add some nice functionality though, including threaded comments, comment spam protection, facebook connect integration and more. The other thing I liked about DISQUS is that all of my comments are synced in the WordPress database so if I ever want to stop using DISQUS, all I need to do is disable it.

FeedBurner FeedSmith

Redirects the RSS links over to my feed on FeedBurner.

Google Analyticator

Makes it easy to add Google Analytics tracking codes. It also has some nice features like disabling tracking for blog administrators.

Simple Google Sitemap

Generates an XML sitemap to give to the search engines. If you haven’t tried Google Webmaster Tools it’s worth a look.


Easy to use syntax highlighting code like you see in this post.

Other tweaks

I’m running the Revolution Code Grey theme, with a FriendFeed badge, a DISQUS comments widget and a and Twitter updates widget. The rest are just the standard widgets that come with WordPress.

I’m also using my blog as an OpenID using my Google account for authentication.

{ 23 comments… read them below or add one }

Ramesh January 11, 2009 at 2:33 am

When you used managedfusion on godaddy, how did you manage to get around the trust level issue? Right now they issue only a medium level and I'm guessing managedfusion requires full. I haven't been able to get it to work on godaddy so far. Any ideas?

Thanks in advance

Rob Boek January 11, 2009 at 2:42 am

Managed Fusion has supported medium trust since version 1.0.1 according to the release notes (…). I didn't have to do anything special to get it to work on GoDaddy.

Ramesh January 11, 2009 at 3:17 am

Hmm… Strange, because the moment I add the following into the web.config:

<add name=”RewriterModule” type=”ManagedFusion.Rewriter.RewriterModule, ManagedFusion.Rewriter” />

It throws me an error saying

SecurityException: Request for the permission of type 'System.Web.AspNetHostingPermission, System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.]
System.Security.CodeAccessSecurityEngine.Check(Object demand, StackCrawlMark& stackMark, Boolean isPermSet) +0
System.Security.CodeAccessPermission.Demand() +59
System.Web.Hosting.HostingEnvironment.get_ApplicationID() +61
IIS7Injector.TraceManager.TraceEvent(TraceEventType eventType, String message) +62
IIS7Injector.ConfigManager.IsSkippedUrl(HttpRequest request, String ContentType) +38
IIS7Injector.InjectedContentStream.Write(Byte[] buffer, Int32 offset, Int32 count) +153
ManagedFusion.Rewriter.FormActionFilter.Write(Byte[] buffer, Int32 offset, Int32 count) in FormActionFilter.cs:213
System.Web.HttpWriter.FilterIntegrated(Boolean finalFiltering, IIS7WorkerRequest wr) +265
System.Web.HttpResponse.FilterOutput() +80
System.Web.CallFilterExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +54
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +64

Any thoughts on it?

Peter Meyer March 11, 2009 at 8:41 pm

@Ramesh – I am working on getting the latest version of ManagedFusion URLRewriter working on a shared GoDaddy IIS7 account. From what I can tell, the only time you run into an issue with trust level is if you attempt to turn RewriteLog. I tried to do this and got a code access security exception, though my stack trace was different than what you have and if I recall, the issue was with TraceListener — this after I ensured the directory was writable, etc.

Manu March 18, 2009 at 9:33 am

I tried the exact same steps you mentioned. But it didnt work for me. I get the following error :
500 – Internal server error.
There is a problem with the resource you are looking for, and it cannot be displayed.
Hosting : Godaddy with Delux Windows hositng with IIs7.
— Web Config —

Let me know, if there is any error in web.config file. I have place the dlls in bin folder too.


Manu March 18, 2009 at 6:34 pm

I got the posts to work after tweaking the wordpress program. But I am not able to do postback to any of the wp-admin pages. I did put the below code in my .rules file. Any idea why it is not able to do postbacks?

RewriteRule ^/wp-login\.php$ /wp-login.php [L]
RewriteRule ^/wp-comments-post\.php$ /wp-comments-post.php [L]
RewriteRule ^/wp-admin/(.*)$ /wp-admin/$1 [L]

Vinay March 25, 2009 at 6:55 am

Manu, how were you able to solve the web.config issue. I’m also getting the same 500 Internal server error.

Any ideas on how to debug this issues since godaddy does not show error logs?

Any help would be appreciated


Caleb March 25, 2009 at 2:05 pm

same here I’m getting a 500 error. my wordpress site is also in a sub directory on my hosting account, but the domain points to that sub directory as it’s root. does the web.config and bin go in my wordpress sub dir or in my hosting root directory?

Damn you GoDaddy!!!

Costumes March 26, 2009 at 5:56 am

I got it working for me under Godaddy’s Shared hosting account with IIS7 when the site is not hosted at root level.

For that you will need quiet a few code changes in few files on Wordpress, without that its not possible.

Caleb March 26, 2009 at 6:11 am

Um… way to leave me hanging. Can you post a link with more information?


Vinay April 2, 2009 at 8:30 pm

Hey Costumes, Can you provide some more info on how you were able to solve the problem?


dude April 3, 2009 at 1:41 pm

to have godaddy work, you need to add the bin directory on the IIS Settings from the godaddy admin. Just add the directory and wait a couple of minutes , then just copy the dll and pdb file manually.
BUT i get a new error:
The virtual path ‘/index.php/ ….. .bla bla/’ maps to another application, which is not allowed
so it looks like .net security getting in the way, i’ve seen other posts with the same problem,
any solutions to this ?

Ash April 10, 2009 at 6:25 am

Try adding:

RewriteBase /blog/

as the second line of your rules where “/blog/” is the path from the root directory to the root of your blog.

That fixed this error for me. Unfortunately I’m still stuck with the 500 errors on any of the blog admin pages. The blog itself is fine, the admin stuff either hangs or gets the errors.

medcl June 11, 2009 at 12:28 am

to handle 500 error is easy,login into godaddy webcontrol,and go to filemanage,and check your blog folder,and then click permissions,and set writable,so the 500 error will gone.

korey kashmer June 21, 2009 at 1:23 pm

hey guys, i am having the godaddy 500 error as well. Not sure what I am doing wrong here. I have as the location. I dropped web.config, bin folder with files and rules file into the blog folder. also set permissions on blog folder in godaddy interface to read and write and also setup bin folder in iis. Not sure what else to do here.

Bill August 6, 2009 at 8:32 pm

Hi all,
I, too, am struggling with the 500 error on GoDaddy. Not using rewriting, just trying to get wordpress working. I started a support ticket with them, and they told me (after a week) that it was a problem with my web.config. No other details, of course, since it is “third party software” and they don’t support it. However, when I rename my web.config, the 500 disappears entirely and my admin pages work great. Trouble is, I need it, kinda, for the rest of my site, which is .NET. Any idea what wordpress might be looking for in there?

Mullikin September 28, 2009 at 9:14 am

Get the same error how do rename your web config.

Hose Reels

Mason October 1, 2009 at 1:09 pm

Hi. I’m setting up expression engine on GoDaddy windows economy hosting (the $4.99 option; turns out it support URL Rewrite now), and I am trying to remove index.php and index.php/site from the url. After much trial and error (and many many 500 errors) I have it working for a single url as such:

As you can see, the site is in a staging folder, so I’m crossing my fingers that this solution will work by removing ./staging’ when I relocate to root, but I would also like to expand it to rewrite index.php? out of the url always (not just for /blog), but every attempt has resulted in 500 errors (many many many…). Expression Engine is installed into the staging folder, blog is just a template I have. So would anyone in the know please help me rewrite this rewrite to work globally?

Mason October 1, 2009 at 1:11 pm

Shoot, removed my code. Let me try again:

rule name=”Rewrite Rule”>
match url=”.*” />
add input=”{StaticRewrites:{REQUEST_URI}}” pattern=”(.+)” />
action type=”Rewrite” url=”{C:1}”/>
rewriteMap name=”StaticRewrites” defaultValue=””>
add key=”/staging/blog” value=”/staging/index.php?blog” />

Mason October 2, 2009 at 8:33 am

Found a solution on the EE forums that I thought didn’t work, but then realized it was because of my ‘staging’ subfolder (you would want to replace this or remove it, depending on your setup). Hope this helps anyone with a wordpress or ExpressionEngine installation on windows hosting on godaddy:

<remove value=”default.aspx” />
<remove value=”iisstart.htm” />
<remove value=”index.html” />
<remove value=”index.htm” />
<remove value=”Default.asp” />
<remove value=”Default.htm” />
<add value=”index.php” />
<rule name=”Imported Rule 1″ stopProcessing=”true”>
<match url=”^(.*)$” ignoreCase=”false” />
<conditions logicalGrouping=”MatchAll”>
<add input=”{R:1}” negate=”true” pattern=”^(pdfs|css|js|swf|images|system|tools|themes|index\.php)” />
<action type=”Rewrite” url=”/staging/index.php/{R:1}” />

mukesh November 26, 2011 at 2:31 am

No need to install any ISAPI filter to remove the index.php from WordPress permalinks.No need of .htaccess file..Use these simple steps to WordPress Permalinks in IIS 6.0 using Custom 404 Redirect for Windows Shared hosting/manas hosting or any windows shared hosting.

Lutre June 17, 2012 at 11:14 am

Mukesh, why are you trying to install malware through your link?

Richard October 3, 2012 at 2:48 am

Hi Rob
Nice article/post on WordPress & IIS.
I see it is quite old though (back in 2009 I think I was using XAMPP on WinXP as my localhostserver but now I use IIS on Win7).

I have a problem running WP on my localhost IIS setup that I cannot auto-update the site to the latest WordPress version. I wonder if it is a problem with the web.config file but I do not know how to fix it! Any idea?
Thanks & best wishes

Leave a Comment

{ 3 trackbacks }