Imagine your website’s folders like rooms in a house. Normally, if someone opens a room and there’s no sign saying “Do Not Enter”, they might just peek inside. Similarly, if someone visits a part of your website where there’s no special “welcome” page, they might see a list of everything there (or that directory). Here is how To Disable Directory Indexes For WordPress.

Now, while sometimes it’s handy to see a list of contents, it’s not always safe. Just as you wouldn’t want strangers knowing everything in your house, you don’t want them seeing every file on your website. It could lead to security issues if sensitive files or information get exposed.

So, with a simple change, we can make sure that these folder contents aren’t visible to just anyone.

Disable Directory Indexes in .htaccess file

Luckily, Apache lets you do this with a simple directive for disabling directory views for your entire site.

Just open your website’s root folder via FTP or cPanel file manager, and find .htaccess file. (Note: If you cannot see it there in cPanel file manager, then it means that the file is hidden. Please go to file manager settings and make sure that “show hidden files” option is checked). Next, Edit .htaccess file. And add this line of code on top:

Options -Indexes

And final step, Click save. and directory indexing will be disabled across your entire site. Nothing else needs to be done. Please note that <IfModule> is not required as seen in some tutorials provided on the internet as below:

<IfModule mod_autoindex.c>
Options -Indexes

This is because the Options directive is part of the Apache core so we do not need to put the <IfModule> and </IfModule> part.

If you want to test it, You can go to any folder that does not contain index.php or index.html file. For example

Enable Directory Indexes with a .htaccess file

Sometimes for any reason you want to index contents of a specific folder on your WordPress site. You can simply create a .htaccess file in that directory and put the following code:

Options All +Indexes

Click save. And you are done.

That’s all for this tutorial. If you want to know how to keep WordPress secure in 2024 go to this link here.

If you have questions, Please feel free to put it in the comments section below


Was this article helpful?

Leave a Reply

Your email address will not be published. Required fields are marked *

Close Search Window