How to disable Directory Browsing in WordPress

WordPress is one of the most popular CMSs, with over 35% of internet websites built on WordPress at the time of writing this post. There are other CMSs like Squarespace, Joomla, Drupal etc., but they are used by fewer sites. WordPress is far ahead of its competitors. Previously, WordPress was used to create a blog or website, but the WordPress core code has changed a lot and there is now a massive ecosystem of plugins and themes, so you can create any type of website with WordPress.

As WordPress is the most popular CMS, it is a main target for hackers. According to Sucuri, WordPress accounted for 90 per cent of all hacked CMS sites in 2018. WordPress itself is very secure by default; most security breaches occur due to the use of themes and plugins from unauthorized sources.

Image credit: Sucuri.com

Most web servers, like Apache, NGINX and Litespeed, have directory browsing enabled by default. This means that people can view the contents of the individual folders (directories) on your website. Disclosing your directory contents is a security risk: hackers can easily find potential exploits in themes and plugins by sniffing through those files.

WordPress folders like wp-content or wp-includes contain sensitive data. The wp-content folder contains themes, plugins and media uploads, so disclosing it could be very risky. It will help a hacker find loopholes in your WordPress website.

To check, open the link http://yoursitename.com/wp-includes/ and replace yoursitename.com with your website address. If you see a list of files, directory browsing is enabled.

How to disable Directory Browsing in WordPress:

There will be a .htaccess file in your WordPress root directory. Access your hosting cPanel with your login credentials, or use the Filezilla FTP client. For more info, read my complete guide on How to Use Filezilla FTP client with your WordPress Hosting.

Download your .htaccess file as a backup and rename it to .htaccess_backup. Open your .htaccess_backup file with Notepad. In general, most .htaccess files contain the following code:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Now add the following line to the .htaccess file above, before # END WordPress:

Options -Indexes

The modified code will look like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Options -Indexes
# END WordPress

Now rename your .htaccess_backup file back to the original name and replace the original file in the root directory. To check, open http://yoursitename.com/wp-includes/ and replace yoursitename.com with your own domain. If the file list is gone and the server shows an error message instead, you have successfully disabled Directory Browsing in WordPress.
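The edit and the check described above, as an added example (not code from the original post): harden_htaccess adds the directive once, and listing_exposed classifies the status and body you get back when requesting a directory URL on your own site. It assumes the line is placed above the # BEGIN WordPress marker, because WordPress regenerates the lines between its markers; the function names and sample inputs are constructed for illustration.

```python
import re

DIRECTIVE = "Options -Indexes"
WP_BEGIN = "# BEGIN WordPress"
# An active (uncommented) Options line that already removes Indexes.
ALREADY_OFF = re.compile(r"^\s*Options\b.*(?<!\S)-Indexes\b", re.I)
# Page title that Apache and NGINX put on auto-generated listings.
LISTING_TITLE = re.compile(r"<title>\s*Index of /", re.I)

# Constructed sample inputs: the default block from the post, and a listing page.
SAMPLE_HTACCESS = r"""# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""
SAMPLE_LISTING = "<html><head><title>Index of /wp-includes</title></head></html>"


def harden_htaccess(text):
    """Return .htaccess text with listings disabled; unchanged if already done."""
    lines = text.splitlines()
    if any(ALREADY_OFF.match(line) for line in lines):
        return text
    # Assumption: insert above the WordPress block (or at the top when there
    # is none) so a permalink update does not overwrite the directive.
    at = next((i for i, l in enumerate(lines) if l.strip() == WP_BEGIN), 0)
    lines[at:at] = [DIRECTIVE, ""]
    return "\n".join(lines) + "\n"


def listing_exposed(status, body):
    """True when an HTTP response looks like an auto-generated directory index."""
    return status == 200 and bool(LISTING_TITLE.search(body))


if __name__ == "__main__":
    print(harden_htaccess(SAMPLE_HTACCESS))
    print("listing exposed:", listing_exposed(200, SAMPLE_LISTING))
```

Running the function a second time on its own output leaves the file unchanged, so it is safe to re-apply after a theme or plugin rewrites .htaccess.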



About Amar Patel
Hi, I am Amar Patel from India. Founder, Author and Administrator of wpknol.com. I am a Simple Average Man who Loves life and Loves living life. Professionally I am a Mechanical Engineer. Apart from my Job, I Love to write about the things around WordPress CMS.