Disable ECDH public server param reuse in Windows Server IIS

ECDH public server param reuse is when a server uses the same DH (Diffie-Hellman) key value for multiple handshakes, instead of generating a new one for every handshake. They should be "ephemeral" though which is why it is called "DHE" or "ECDHE", and this means the key is single-use and should never be reused. Windows Server IIS is known for reusing DH key values, but there is a way to disable ECDH public server param reuse in Windows Server IIS.
IIS Manager for Remote Administration in Windows 10

Install and setup IIS Manager for Remote Administration in Windows Server IIS (step by step)

In this article you’ll learn how to install and setup IIS Manager in Windows 11/10 to manage your website(s). You can also follow these steps to install Internet Information Services (IIS) Manager on a Windows Server Core edition, to locally or remotely manage hosted websites. This post also shows how to install IIS Web Management Service (WMSVC) on Server Core using PowerShell.
Set PHP handler accessPolicy (Request Restrictions) to Read in IIS

Disallow direct access to PHP files in wp-content/uploads/

It's recommended to disallow access to and execution of PHP files in wp-content/uploads folder. Preferably without the use of a security plugin. Blocking access to PHP files in WordPress wp-content/uploads folder is easily achieved with a .htaccess file on Linux Apache, or web.config accesssPolicy in Windows Server IIS, and here is how. Secure your WordPress site with this simple, yet effective, tip!
HTTP Basic authentication

Basic Authentication module for Windows Server IIS 10

Basic Authentication managed HTTP module for IIS 10 with virtual users support. In my pursuit of a basic authentication alternative in IIS, other than the built-in Basic Authentication module or Helicon Ape, I came across Devbridge AzurePowerTools. It's apparently one of few HTTP managed modules for IIS that enables HTTP Basic Authentication with support for virtual users.