Hosting multiple Wordpress websites on IIS

We need to download and install WebPI5.0 first. You can download it from the link below.

https://www.microsoft.com/web/downloads/platform.aspx

After you install the WebPI, let's open up the hosts file that is located "C:\Windows\System32\drivers\etc\hosts" and add entry for our first domain name. I will call the first site as mysite.com. Save and close the hosts file.

127.0.0.1             mysite.com

::1                         mysite.com

Start WebPI and type wordpress in search box and Click Add button for Wordpress.

Create a folder named MySite under wwwroot folder. Leave "Wordpress application name" empty

You can just skip the window below or enter authentication keys and salts. WordPress security keys are made up of four authentication keys and four hashing salts (random data) that when used together they add an extra layer to your cookies and passwords. You can use the link below to generate those keys.

https://api.wordpress.org/secret-key/1.1/salt/

Database, DB Username and Password will be generated automatically.

After you click Finish button, wordpress setup start page will pop up. 

 I have noticed that the database user created by the WebPI had priviledges but GRANT was not checked, so make sure you check GRANT by using phpMyAdmin.

If you have a SSL certificate you can add it to IIS  from bindings

Enter your new wordpress site's admin panel > Settings > General > change Wordpress Address (URL) and Site Address (URL) to https.

I want my site visitors to be redirected to https even if they type my site's url with http. So I add URL rewrite rule on IIS. Open IIS > URL Rewrite > Add Rule > Blank Rule

Requested URL Pattern : (.*)

Condition input: {HTTPS}

Condition Pattern: ^OFF$

Action Type: Redirect

Redirected URL: https://mysite.com{REQUEST_URI}

Redirect type: Found(302)

 In your wp-config.php file find: define('DB_HOST', 'localhost);

Replace with this: define('DB_HOST', '127.0.0.1');

Folder Permissions:

1. By default, "IUSR" user has modify right and "IIS_USRS" user has read, list,execute rights on wp-content folder. We need to give modify right to "IIS_USRS" as well.

2. Open IIS and right click on your site > double click Authentication on the right side. Right click on Anonymous Authentication >Edit>make sure "IUSR" user is added under Specific User.

3. PHP does not set access right for IIS. Therefore, you might see error500 while moving a file whiich is uploaded into wp-content/upload. In order to fix this we have to grant Modifyaccess rights for IIS_IUSRS to PHP’s temporary directory (usually C:\Windows\Temp but you can check if your php.ini configuration says otherwise). Open Properties for C:\Windows\Temp, go to Security and click Advanced. First, click Enable inheritance so access rights can be passed down to files and subdirectories.

When you think everything is ready for your site. You should make sure web.config file can not be modified. Stop your site on IIS.

Right click on web.config Properties > Security > Advanced > Disable Inheritance

Make sure Authenticated Users and IUSR user has only read and execute rights as below.

Restart your site on IIS.

Just follow the same procedure for the other sites that you want to host.