How to Disable Directory Browsing in WordPress using .htaccess

If you are still not able to figure out, what did I meant stating disable directory browsing in WordPress?

Then, let me make it clear that, if the owner of the website doesn’t disable directory browsing, then any of the visitors can access their root files saved in their hosting directory.

By default, WordPress shows all the content of the root directory like plugins, themes, Media, and other files which don’t contain index.php file in it.

How can the hackers access the WP root files?

All they have to do is typing www.yourdomainname.com/wp-content/uploads in the browser

check out the below example, how the whole directory of content pops up with a simple URL along with the parent directory.

Sounds scary, isn’t it?

Yes, certainly it would be. When it comes to securing the WordPress website, this is quite underestimated one. Though, quite important. You can’t open the doors and make your site vulnerable to the attacks.

We will see in this article how to disable directory browsing in WordPress for better security.

Disable Directory Browsing in WordPress

The trick is quite simple, we just need to head over to your WordPress Root directory to access the .htaccess file.

Step 1. Login to your Control Panel – File Manager

File Manager

Step 2. Click on public_html, and find .htaccess file in the WordPress root directory.

.hta access file

Step 3. Right Click on it, and Click on Edit.

This will open the file in the text editor. There at the bottom add below given one-line code.

# Disable directory browsing
Options All - Indexes

Step 4. Hit the Save Changes button.

That’s it, you are done and disabled the directory browsing in WordPress and blocked access to your core WordPress files.

To test it you can reload the same page, not it might show an error page or some other page preferred by you.

What others are reading!
Authored by Navin Rao

A blogger and with a go-getter attitude Navin is a web geek and loves to write about WordPress. Able to guide even a non-techie to maintain a WordPress website through his walkthrough tutorials on WordPress.

Enough right? Let's join hands on Facebook and Twitter

10 thoughts on “How to Disable Directory Browsing in WordPress using .htaccess”

  1. Hello Naveen,

    Your article is really nice written and well explained. it’s showing you have best knowledge of wp. can you please explain best way to optimize a wp site. my site takes long time to load.

    thanks i will wait for your response.

    Divya Sehgal

    Reply
    • Hello Divya, Thanks for going through the tutorial.

      Where it comes to optimizing the WordPress website, the task is tedious and you need to take care of several things. Like applying CDN, proper caching, proper script minification, and more.

      Along with all these, install the W3 Total Cache Plugin as well… It will help boost your website speed.

      Have a great day ahead!

      Reply
  2. Hello Navin,

    I actually haven’t think about this. This is really a big security loophole for your blog if your directory browsing is enabled. Hackers can easily sneak into your site. I have just disabled it from the .htaccess file. Thanks for sharing this great tips, bro 🙂

    Have a great day 🙂
    Vishwajeet

    Reply
    • Hey vishwajeet, Glad it helped you increase the security of your website. Thanks for sharing your experience.

      Have a great day.

      Reply
  3. Hi Navin,

    Very useful article. That is really a big loophole in wordpress and can be the starting point of trouble. It is astonishing how anyone can access so easily the root contents.

    Thankfully, the solution is quite simple as you have given it here. With just two lines of code we can disable directory browsing and close the loophole.

    Thanks for sharing the valuable information with us. Have a great day!
    -Naveen

    Reply
    • Hi Naveen, welcome to QuestionCage!

      You are absolutely right there. And yes, certainly every coin have another side, so do WordPress loopholes as well instead of being a largest used CMS all around. But, solutions are always there for any kind of WordPress security and errors… Thankfully
      .
      Have a great day ahead!

      Reply

Leave a Comment