How to Disable Directory Listing in WordPress Hosted on Nginx Server

How to Disable Directory Listing in WordPress Hosted on Nginx Server

How to Disable Directory Listing in WordPress Hosted on Nginx Server-: Do your website hosted on NGINX server and want to disable Directory listing but do not know how to do it? Keep reading this post I will guide you in-depth to disable directory listing on a website hosted on NGINX server.

WordPress is one of the most popular CMS with over 35% of internet website are build on WordPress CMS at this time of writing this post. There other CMS like Squarespace, Joomla, Drupal etc but use by only fewer sites. WordPress is far ahead as compared to its competitor. Previously WordPress users to create a blog or website But now WordPress core code changed a lot as well as the massive ecosystem of Plugins and theme, you can create any type of website with WordPress.

As WordPress is more popular CMS, therefore, it is the main target for a hacker. As per Sucuri WordPress accounted for 90 per cent of all hacked CMS sites in 2018. WordPress is very secure by default itself most of the security breach occurs due to the use of theme and plugin from unauthorized sources. 

How to Disable Directory Listing in WordPress Hosted on Nginx Server
Image Credit-:Sucuri.com

You Website structure has a very important role for your WordPress Website security. Directory listing provides a clear cut idea about your website structure to the hacker to find a weak section of your website. By default most web servers like Apache, NGINX and LiteSpeed have directory browsing enabled.

How to Disable Directory Listing in WordPress Hosted on Nginx ServerGo to path http://yoursitename.com/wp-includes/ and replace yoursitename.com with your website URL if you see below snapshot which means directory list is enabled on your WordPress website. In this post, I will explain how to disable directory browsing on WordPress website hosted on Nginx server. 

How to Disable Directory Listing in WordPress Hosted on Nginx Server-:

The default configuration file of an Nginx server is called nginx.conf and can be found in /usr/local/nginx/conf, /etc/nginx or /usr/local/etc/nginx. If the default value has been changed, you can see a setting similar to the following:

server {
        listen   80;
        server_name  domain.com www.domain.com;
        access_log  /var/...........................;
        root   /path/to/root;
        location / {
                index  index.php index.html index.htm;
        }
        location /somedir {
               autoindex on;
        }
 }

In this section, the determinant parameter is autoindex on; as we mentioned above. In the above example, the directory listing is configured only for the somedir directory. If no directory is specified (e.g. location / {autoindex on;}), the rule will be applied to all the folders.

Change it to Auto Inde xoff

To disable directory listing, we need to switch the value of the autoindex to off. Do not forget to run the service Nginx restart command in order for changes to go into effect: To check open http://yoursitename.com/wp-includes/ and replace yoursitename.com with your own domain. If you see below message then you have successfully disabled Directory Browsing in WordPress.

How to Disable Directory Listing in WordPress Hosted on Nginx Server

Conclusion-: Disabling Directory listing is one the most effective way to secure your website from the hacker.

Thanks for reading…“Pardon my grammar, English is not my native tongue.”

If you like my work, Please Share on Social Media! You can Follow WP knol on Facebook, Twitter, Pinterest and YouTube for latest updates. You May also Continue Reading my Recent Posts Which Might Interest You. 

Share the Knowledge!
  • 167
  • 79
  •  
  •  
  •  
  •  
  •  
  •  
    246
    Shares
Amar Patel on FacebookAmar Patel on PinterestAmar Patel on TwitterAmar Patel on Wordpress
Amar Patel
Hi, I am Amar Patel from India. Founder, Author and Administrator of wpknol.com. I am a Simple Average Man who Loves life and Love living life.Professionally I am a Mechanical Engineer. Apart from my Job, I Love to write the things around WordPress WordPress CMS.
Enter your email address: Delivered by FeedBurner
Follow us on Social Media