If you are still not able to figure it out, what did I mean by disabling directory browsing in WordPress?
Then, let me make it clear that, if the owner of the website doesn’t disable directory browsing, then any of the visitors can access their root files saved in their hosting directory.
By default, WordPress shows all the content of the root directory, like plugins, themes, media, and other files that don’t contain an index.php file.
How can hackers gain access to the root files of a WordPress website?
All they have to do is type www.yourdomainname.com/wp-content/uploads in the browser
Check out the below example to see how the whole directory of content pops up with a simple URL along with the parent directory.
It sounds scary, doesn’t it?
Yes, certainly it would be. When it comes to securing the WordPress website, this is quite an underestimated one. though quite important. You can’t open the doors and make your site vulnerable to attacks.
We will see in this article how to disable directory browsing in WordPress for better security.
Disable Directory Browsing in WordPress
The trick is quite simple; we just need to head over to your WordPress root directory to access the .htaccess file.
- Step1:. Login to your Control Panel (File Manager).
- Step 2: Click
public_htmland find the.htaccessfile in the WordPress root directory.
- Step 3: Right-click on it, and Click on Edit.
This will open the file in the text editor. At the bottom add below given one-line code.
# Disable directory browsing
Options All - IndexesStep 4. Hit the Save Changes button.
That’s it, you are done and disabled the directory browsing in WordPress and blocked access to your core WordPress files.
To test it you can reload the same page, not it might show an error page or some other page preferred by you.