MY NUMBER 1 RECOMMENDATION TO CREATE FULL TIME INCOME ONLINE: CLICK HERE
Do you want to disable directory browsing in WordPress?
Browsing the directory can put your website at risk by showing hackers important information that can be used to exploit vulnerabilities in plugins, themes, or even your hosting server.
In this article, we will show you how to disable directory browsing in WordPress.
What does disabling directory browsing do in WordPress?
Every time someone visits your website, your web server will process that request.
Typically, the server delivers an index file, such as index.html, to the visitor’s browser. However, if the server cannot find the index file, it may display all files and folders in the requested directory instead.
This is directory browsing and is often enabled by default.
If you’ve ever visited a website and seen a list of files and folders instead of a web page, you’ve seen directory browsing in action.
The problem is that by browsing the directory, hackers can see the files that make up your website, including all the themes and plugins you use.
If any of these themes or plugins have known vulnerabilities, hackers can use that knowledge to take control of yours WordPress blog or website, stole your information, or performed other actions.
Attackers can also use directory browsing to view confidential information in your files and folders. They may even copy the content of your website, including content that you would normally charge for, such as e-book downloads or online courses.
Therefore, it is considered a best practice to disable directory browsing in WordPress.
How to Check if Directory Browsing is Enabled in WordPress
The easiest way to check if directory browsing is currently enabled for your WordPress website is by simply visiting the /wp-includes/ folder link like this: https://example.com/wp-includes/.
You’ll want to replace www.example.com with your website’s URL.
If you receive a 403 Forbidden message or similar, directory browsing is already disabled on your WordPress site.
If you see a list of files and folders instead, it means that directory browsing is enabled for your site.
Because this makes your site more vulnerable to attack, you’ll usually want to block directory browsing in WordPress.
How to Disable Directory Browsing in WordPress
To disable the directory listing, you will need to add code to your website’s .htaccess file.
To access the file you need FTP clientor use a file management app inside your WordPress hosting The Control Panel.
If you’re new to FTP, you can check out our full guide how to connect to your site via FTP.
Once connected to your site, simply open the site’s “public” folder and locate the .htaccess file. You can edit the .htaccess file by downloading it to your desktop and then opening it in a text editor like Notepad.
At the very bottom of the file, simply add the following code:
It will look something like this:
When finished, save the .htaccess file and upload it back to the server using an FTP client.
That’s all. Now if you visit the same http://example.com/wp-includes/ URL you will get a 403 Forbidden or similar message.
We hope this article helped you learn how to disable directory browsing in WordPress. You may also want to see ours the ultimate WordPress security guideor see our professional selection the best WordPress membership plugin to protect your files.
If you liked this article, please subscribe to ours YouTube channel for WordPress video tutorials. You can also find us at Twitter and Facebook.
.
MY NUMBER 1 RECOMMENDATION TO CREATE FULL TIME INCOME ONLINE: CLICK HERE