If you want to improve WordPress website security, then try to disable directory browsing. The reason behind directory browsing is privacy of your website, and it will also help you hide your files against hacking attacks.

disbale directory browsing

try to Password Protect Your WordPress Admin Directory as well so no one can do brute force attack on your website.

How to Check Directory Browsing is Disabled or Not?

http://eample.com/wp-includes/
http://eample.com/wp-content/

Try to open the above links in web browser, by inserting root URL of your website. If it shows list of folders like below picture, then it means directory browsing is not disabled.

disable directory browsing in wordpress risk

There are 2 methods to disable directory browsing:

  • Disable Directory Browsing via cPanel
  • how to Disable Directory Browsing via .htaccess File

Disable Directory Browsing via cPanel

If you want to disable directory browsing using cPanel, then follow the instructions below:

Step 1:

Access your cPanel using User & Password.

Step 2:

Search for Advance tab > Index Manager, Click on it.

disable directory browsing index manager

Step 3:

After clicking on index manager, a popup will show. Select Web Root and click on Go button, as show in the picture below.

Disable directory browsing select web root

Step 4:

Once the page reloads with new options, it will show directory list. Click on wp-content first, as shown in the picture below.

Disable directory browsing directory location

Note: If you are not seeing the same page, then click on icon of the directory to navigate up and down, until you reach the destination.

Step 5:

After clicking, you will be redirected to the setting page, select No Indexing option and click on save button.

Disable directory browsing setting page

Step 6:

Now, check the http://yourwebsite.com/wp-content/, you will see “403 Forbidden” status.

disable directory browsing 403 forbidden

Note: take same steps for /wp-includes/ directory in order disable directory browsing.

How to Disable Directory Browsing in Paper Lantern Theme

Paper Lantern is the new skin of cPanel used by many web hosting companies these days, check below picture if you want to apply directory settings using this skin:

disable directory browsing in papare lantern theme

Note: Other settings are same as described above, but there is little change in design, I hope you guys can manage it.

Disable Directory Browsing via .htaccess file

In order to disable directory browsing via .htaccess file you will need ftp client, I will use Filezilla to disabling directory browsing in WordPress.

Step 1:

Connect to your hosting using FTP, and browse to /wp-content/ and /wp-includes/ directories of your WordPress installation.

Step 2:

In normal cases there is no .htaccess file in these directories, so you need to create one.

Step 3:

Once the file is created, open or edit it.

Step 4:

If the file is already created and there is some code as well, then add the below code at the bottom of the file.

Options All -Indexes

Note: Be very careful while performing these types of practices, do not overwrite or delete any code.

Conclusion

If you are using WordPress, disabling directory browsing is one of the best security measures, in order to keep your files safe and private. Most of the webmasters do not cover this loophole in order to secure their website. At Digital Pixels, we take care of all security measures and develop custom website design for all of clients.