The WordPress directory listing is useful but not for everyone because it could be used by the hackers to exploit the website. By default directory browsing is enabled for files & folder resides on your Apache server for WordPress site. So, when a browser sends a request for index.php and if doesn’t find it in the directories requesting for, it will show all the files and folders present. See the image below that showing the images directory of a WordPress blog.
As you can see that wp-content files are listing above, in the same way, by default the WordPress theme and plugins directory can also be listed too. And if some plugin is present on your WordPress which is vulnerable then the hackers can easily exploit that.
So, in this article, we will show you how to disable directory in WordPress using Cpanel or FTP client without using any WordPress directory listing plugin to prevent it.
How to disable directory browsing in WordPress
- Go to your Website hosting service.
- Login to Cpanel.
- Click on File Manager.
- On the extreme right side, you will Settings button, click on that.
- Check the options show hidden files and save it.
- Now find the .htaccess file and open it.
- No add a text Options -Indexes at the end of the .htaccess file’s ifmodule mod rewrite.c text and save it.
- Now again go to your WordPress website and try to access the directory resides on your Apache web server or Nigniz server. This time you will get 404 error.
Above steps with screenshots to Disable directory listing in htaccess Wordpress…
We are showing this tutorial on Cpanel but the same can be perform using the FTP client like FileZilla.
Step 1: Login on your hosting server and access the Cpanel. On the Cpanel, you find an option called File Manager, just access it to follow the further steps given in this tutorial.
Step 2: The File Manager will show the root directory of your web server. Now on the extreme right top side click on the Settings button.
Step 3: The Settings button will give a pop-up of options. From where select the Show Hidden Files (dotfiles) and click on the Save button.
Step 4: Now find the .htaccess file, select and click on the edit button.
Step 5: Now at the end of the .htaccess files add:
After adding, the above text after the WordPress ifmodule more rewrite.co text, save the file…
Step 6: Close the file and Cpanel. Now go to WordPress website whose directory listing you want to block. This time when you try to access the directory of your WordPress install website, it will not be going to show. Instead of that 404 error will appear.
In this way, we can block the listing of the directories on Apache web server running WordPress website.
Other Useful Resources: