If you don’t have an index file in your WordPress directory, then the web server automatically displays an index page containing your website files and folders. This index page is visible to all users and they can easily see which wordpress theme and plugins you are using and know more about your website structure.
This is where hackers can exploit your site with the known vulnerabilities in your WordPress theme and plugins to gain access. They can also see your website files and can download them. If your WordPress security is not high enough, then it will be easier for them to hack your website. By disabling, directory browsing in WordPress can solve the issue and it will strengthen your WordPress security.
In this article, I will show you how to disable directory browsing in WordPress.
Before we start, lets first check whether the directory browsing is enabled or not on your WordPress site.
From your web browser, enter your website name. If the browser displays an index page of your website content, then the directory browsing is enabled. If you see a blank page, then the directory browsing is disabled.
How to Disable Directory Browsing in WordPress Using .htaccess
Disabling directory listing in WordPress is quite an easy process.
First login to your web hosting cPanel and go to the root directory of your WordPress site. From there, find the .htaccess file.
If you don’t find a .htaccess file inside the root directory, make sure you have checked show hidden files option from settings.
Now edit the .htaccess file add the following code in the end.
Options All -Indexes
In general, the .htaccess file contains the following:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /example.com/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /example.com/index.php [L]
</IfModule>
# END WordPress
After modifying the .htaccess file, it will look like this:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /example.com/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /example.com/index.php [L]
</IfModule>
# END WordPress
Options All -Indexes
After that save the file and you are done. You have now disabled directory browsing in WordPress.
You can go to your web browser and type your website name, you will either see a blank page or access forbidden page.
I hope this tutorial helped you to disable directory listening in WordPress. If you have a question about this topic, leave a comment below. Don’t forget to share it with your friends.
Related WordPress Articles,
- How to Password Protect WordPress Login Page
- 7 Best WordPress Backup Plugins
- How to Automatically Log Out Idle Users in WordPress
