WordPress IIS Web Server Support

By default, WordPress uses a .htaccess file to manipulate how Apache serves files from your website. However, Internet Information Services (IIS), known as a Windows server, doesn’t read and understand .htaccess rules. Instead, you will need to create & updates rules on the so-called “web.config” file, which does exactly what a .htaccess would on Apache servers.

In order for our Prevent Direct Access plugin to work properly on your IIS web server, please put the following additional codes on your web.config file located at your WordPress website’s root folder.

If the web.config file does not exist, simply create a new one.

PDA Lite

<?xml version="1.0"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- START - Prevent Direct Access Lite rules - START -->
        <rule name="Imported Rule 1" stopProcessing="true">
          <match url="private/([a-zA-Z0-9]+)$" ignoreCase="false"/>
          <action type="Rewrite" url="index.php?pda_v3_pf={R:1}" appendQueryString="false"/>
        </rule>
        <rule name="Imported Rule 2" stopProcessing="true">
          <match url="wp-content/uploads/_pda(\/[A-Za-z0-9_@.\/&amp;+-]+)+\.([A-Za-z0-9_@.\/&amp;+-]+)$" ignoreCase="false"/>
          <action type="Rewrite" url="index.php?pda_v3_pf={R:1}&amp;is_direct_access=true&amp;file_type={R:2}" appendQueryString="true"/>
        </rule>
        <!-- END - Prevent Direct Access Lite rules - END -->
        <rule name="wordpress" patternSyntax="Wildcard">
          <match url="*"/>
          <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true"/>
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true"/>
          </conditions>
          <action type="Rewrite" url="index.php"/>
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
  <system.web>
    <compilation debug="true"/>
  </system.web>
</configuration>

PDA Gold

<?xml version="1.0" encoding="UTF-8"?>
 <configuration>
  <system.webServer>
   <rewrite>
    <rules>

     <!-- START - Prevent Direct Access Gold rules - START -->
     <rule name="pda-original-link" patternSyntax="ECMAScript">
        <match url="wp-content/uploads(/_pda/.*\.\w+)" />
        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
       </conditions>
       <action type="Rewrite" url="/index.php?pda_v3_pf={R:1}" />
    </rule>
    <rule name="pda-private-link" patternSyntax="ECMAScript">
        <match url="private/([a-zA-Z0-9-_]+)" />
        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
        </conditions>
      <action type="Rewrite" url="/index.php?pda_v3_pf={R:1}&amp;pdav3_rexypo=ymerexy" />
    </rule>
    <!-- END - Put our rules just above your WordPress rules - END -->

    <rule name="wordpress" patternSyntax="Wildcard">
        <match url="*" />
        <conditions logicalGrouping="MatchAll" trackAllCaptures="false">
            <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            <add input="{REQUEST_FILENAME}" matchType="IsDirectory" negate="true" />
        </conditions>
        <action type="Rewrite" url="index.php" />
    </rule>

   </rules>
  </rewrite>
 </system.webServer>
</configuration>
Lasted updated on August 20, 2021