A lot of our users got asked for more and more WordPress security tricks, tips, and hacks. Well, we have already covered how you can password protect the WordPress admin page and hide the WordPress login page.
However, most beginners are missing one important security tip on their blog! And that is disabling the directory browsing. So. in this post, we are going to show you how can you disable directory browsing in WordPress and make your blog even safer!
So, let’s get into the topic.
Why Disable Directory Browsing?
The simple answer is, for improving our blog’s security.
Here’s an example of directory browsing enabled WordPress website.
Your files will be visible to the world. This is not good for security. A hacker could easily find the vulnerability, attack your website. When we care about WordPress security, we need to make sure that the directory browsing is disabled.
For fixing a compromised/ hacked WordPress website, the experts will charge more than $200 for an hour! So, we recommend you keeping your WordPress blog updated, safer.
How To Disable Directory Browsing in WordPress?
Disabling directory browsing is pretty simple.
All you need to do is, edit your current .htaccess file and add a single line of code. As you know, most SEO plugins like WordPress SEO by Yoast, Rank Math and All In One SEO Pack offers something like this. So if you are using any of this, you can do it from the plugin’s settings.
However, we will cover both methods. using the SEO plugin and without an SEO plugin.
Using Yoast SEO
Yoast SEO is a free and awesome WordPress SEO plugin. With more than 5 million active installs, the plugin is being the loved one on the community.
SO I think you are already using this plugin on your blog. Configure the Yoast SEO properly. Under the Yoast plugin settings, you could see the tools option.
Then, choose the file editor.
From there, you will be able to make changes to your
- Robots.txt file
- and .htaccess file.
Copy the code from below.
Options -Indexes
Paste it at the end of your .htaccess file and save the changes.
You are done! Now, let’s move to the alternate method.
FTP Method
Thankfully, we have got several FTP clients which we could use. Some of the top and famous ones are:
- FileZilla.
- Cyberduck.
- FireFTP.
- CuteFTP.
- SmartFTP.
- Core FTP.
etc…
In our case, FileZilla is our favorite FTP client. So, we recommend that one. FileZilla is free FTP software. You can download it to your system from their official website.
Install it on your PC. Next thing we need is, get the FTP account credentials. If you already created an FTP account, you could use the existing credentials. When you don’t have one, log in to your cPanel account, and you will be able to create one from there.
Launch the FileZilla program.
For connecting to your server, you need a few things.
- Hostname.
- Username.
- Password.
- Port.
Retrieve that information from your FTP accounts section and connect the client to your web server.
You can see, we have successfully linked to the remote server. Go to the installation folder of WordPress. In our case, we have installed the CMS in our public_html folder.
There, you could see the htaccess file.
Right-click on the file, choose the edit option. The file will be opened in the default text editor. In the end, add the code and save the file. It will get uploaded to your web server automatically after you close the text editor.
Done!
You have successfully disabled directory browsing in WordPress.
Which Method Is Best?
As you can see, both methods are easy and won’t take too much time. Most SEO plugins are offering the htaccess editor, robots.txt editor in their options. If your SEO plugin got the settings, feel free to change it using the plugin.
When your plugin doesn’t offer something like this, try the FileZilla method. In that case, you may want to consider creating an FTP account.
We hope you found this post helpful and enjoyed the read. If you did, please consider sharing this post with your friends and fellow bloggers on social media. For more awesome WordPress tutorials, you need to check out our blog.