How to Disable Directory Browsing in WordPress (2 quick methods)

How to Disable Directory Browsing in WordPress (2 quick methods)

If you’re looking for ways to improve protection, one thing you should think about is preventing people from directory browsing of your files.

If you don’t place a “index.html” file in a new directory (or folder) on your website, you might be shocked to learn that your visitors will get a directory listing of all the files in that folder. If you create a folder called “incoming,” for example, you can view everything in it by typing “https://www.example.com/incoming/” into your browser. There is no need for a password or anything else.

The truth is that your site’s directory files are visible to everyone in the world who knows where to look, and they’re very easy to locate.

When you remember that these files contain confidential information and can give hackers the upper hand when trying to break in and tamper or practically set your site ablaze, it’s a little unsettling. As a result, maintaining a WordPress backup of your website is also important to avoid losing files and to restore them if anything goes wrong.

Want to make sure it doesn’t happen? Then there’s an easy fix for keeping your files secure.

Disabling Directory Browsing On Your WordPress Site

So, let’s get started. Here’s the code you’ll be using:

Options All -Indexes

Now you’ll need to get into your site’s.htaccess file. This can be accomplished in one of two ways:

Using FileZilla or another FTP client
Using the File Manager in your hosting account’s cPanel

How To Disable Directory Browsing in WordPress using cPanel

To begin, log in to your web hosting account and navigate to your cPanel.

After that, go to the Files section and select File Manager. When you click there, a box will appear asking when you want to look at the files (the files in a certain URL).

Select the Web Root directory option, enter your domain, and check the box labeled “Show Hidden Files.”

You’ll be taken to another screen that lists all of the files in that domain. Look for the.htaccess file in the list of files that appears.

Download the file and save it somewhere secure until you open it. After that, click on the file and then go to the Display button at the top of the screen to see the file.

There should be a few lines of code there, including:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Now add this code:

Options All -Indexes

Put it at the end of the code to make it look like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Options All -Indexes

Save your changes, and your directory is now safe from prying eyes. You can double-check this by visiting your site and adding /wp-includes/ to the URL.

If you followed the steps correctly, you should receive a 404 Error or Permission Error, indicating that your efforts were good!

How To Disable Directory Browsing in WordPress using FTP

Login to your public_html folder via FTP (FIleZilla or any other FTP Client), and locate a file “.htaccess”. Right click on it, and then click on Edit. Add this code bellow everything, and just save it. That is all.

Options All -Indexes

After you have disable directory browsing, you should continue to increase the security level, you can also customize the WordPress login URL  so that the hackers don’t have an easy way out to find the access to your WordPress Dashboard.

Even though this isn’t considered a “necessary” measure by some, it’s probably one you should take anyway. Your information is valuable and should be kept private.

It will only take a few minutes, but it is safer to be safe than sorry.

What is your favourite Security tip or plugin?

Leave a Reply