WordPress Internal Server Error 500 for Uploaded Images
After upgrading WordPress on my Windows Server 2008 to version 3.4.1, I encountered a quite strange behavior. Using the Add New Post functionality, images, uploaded by multi-file-uploader have not been displayed anymore, neither in the editor nor in the post itself.
Once you finished your article, your blog will end up with a Internal Server Error 500. However, all thumbnails created by WordPress can be requested without any problems.
Eventually, I started to do some research on this issue, ending in a quite exhaustive digging down to the metal of Windows, however, with a quite surprisingly outcome. In this article I’ll try to give an overview of this issue, explaining why this occurs on Windows and how to solve this with almost a single click.
There are quite a lot of blog entries and stackoverflow answers about this topic with more or less useful steps. If you are just looking for the quick answer, without the need of understanding what causes this particular problem, here it comes:
Change the system’s default temp folder (C:\Windows\temp) rights by granting rights for IIS_IUSRS user and you are probably done.
The WordPress image upload is using the standard PHP functionality, using the temporary upload folder specified in your php.ini file. By default, PHP is using the system’s temporary directory (e.g. c:\windows\temp) for uploading the initial image.
Eventually, using the system’s temp folder is the root cause of the issue described in this article. When uploading the image to the temp folder, the file is initially created on the system. Consequently, the file is inheriting the folder’s security settings. After uploading, the original file is copied into the destination folder, e.g. \wp-content\uploads\2012\08. Here all thumbnails are generated from the original file. As they are being created in the destination folder, they will inherit the security settings from this folder resulting in two different sets of permissions applied to the original file and the thumbnails. This explains why you will only receive an error with error code 500 for the original file, while all the thumbnails can be requested without any problems.
In case you have already images the destination folder causing an error code 500, you can reapply the actual rights of the wp-content folder which will probably fix the problem.
In case changing the permissions of the system’s temp folder does not fix the issue, check your php.ini file if another upload folder is specified in the file uploads section. Baer in mind that PHP will use the system’s temp file for uploads also as backup in case PHP has no access rights for the folder specified in the php.ini file.
If you consider granting IIS_IUSRS as a security risk to access the system’s default temp folder you might want to specify an alternate upload folder anyway.