...
Home Advanced Solutions, WP Security TutorialsHow To Disable Directory Indexes For WordPress

How To Disable Directory Indexes For WordPress

December 28, 2023

if someone visits a part of your website where there's no special "welcome" page, they might see a list of every file there

Imagine your website’s folders like rooms in a house. Normally, if someone opens a room and there’s no sign saying “Do Not Enter”, they might just peek inside. Similarly, if someone visits a part of your website where there’s no special “welcome” page, they might see a list of everything there (or that directory). Here is how To Disable Directory Indexes For WordPress.

Now, while sometimes it’s handy to see a list of contents, it’s not always safe. Just as you wouldn’t want strangers knowing everything in your house, you don’t want them seeing every file on your website. It could lead to security issues if sensitive files or information get exposed.

So, with a simple change, we can make sure that these folder contents aren’t visible to just anyone.

Disable Directory Indexes in .htaccess file

Luckily, Apache lets you do this with a simple directive for disabling directory views for your entire site.

Just open your website’s root folder via FTP or cPanel file manager, and find .htaccess file. (Note: If you cannot see it there in cPanel file manager, then it means that the file is hidden. Please go to file manager settings and make sure that “show hidden files” option is checked). Next, Edit .htaccess file. And add this line of code on top:

# DISABLE DIRECTORY INDEXES
Options -Indexes

And final step, Click save. and directory indexing will be disabled across your entire site. Nothing else needs to be done. Please note that <IfModule> is not required as seen in some tutorials provided on the internet as below:

<IfModule mod_autoindex.c>
Options -Indexes
</IfModule>

This is because the Options directive is part of the Apache core so we do not need to put the <IfModule> and </IfModule> part.

If you want to test it, You can go to any folder that does not contain index.php or index.html file. For example https://your-site.com/folder-name-without-index-file.

Enable Directory Indexes with a .htaccess file

Sometimes for any reason you want to index contents of a specific folder on your WordPress site. You can simply create a .htaccess file in that directory and put the following code:

# ENABLE DIRECTORY INDEXES
Options All +Indexes

Click save. And you are done.

That’s all for this tutorial. If you want to know how to keep WordPress secure in 2024 go to this link here.

If you have questions, Please feel free to put it in the comments section below

 

Was this article helpful?
YesNo

Last modified: January 8, 2024

Related Articles

WordPress Statistics That Everyone Need To Know In 2024
How to Backup a WordPress Site With a Plugin (Safest Method)
Why is WordPress Security Important?
How to Disable XML-RPC in WordPress (Safe Methods)
How to Change WordPress Database Prefix for Better Security
How to keep WordPress secure in 2024

Leave a Reply

Your email address will not be published. Required fields are marked *

Close Search Window