Best Wordpress themes and plugins

How to Disable Directory Browsing in WordPress


WordpressComp -
How to Disable Directory Browsing in WordPress
Rate it!
Rate this post

How to Disable Directory Browsing in WordPress download the WordPress Theme

Download now How to Disable Directory Browsing in WordPress theme.
Review and opinions of How to Disable Directory Browsing in WordPress theme.

We WordPress lovers will shout it to the world — WordPress is amazing! We love it and as the world’s leading CMS platform, it’s clear that a lot of other people do too.

But, as many seasoned WP users and developers will tell you, a WordPress installation, though great, still needs some customizing to really tighten things up when it comes to security and other default features.

If you’re looking for ways to boost security, then one area that you should consider is by blocking people from being able to browse your directory files.

Why Disabling Directory Browsing is a Good Idea

Stop and consider this for a moment:

Let’s say that you have a one of those metal cabinets made for holding your personal and private files you wish to keep in a safe place. Now, even though you likely don’t have those under lock and key, it’s pretty much a given that people should stay out of that cabinet unless they get the go ahead from you.

Now imagine that you find someone going through those files without your permission. Wouldn’t you be annoyed and wary of that person’s intentions?

Most of us would. And my guess would be that you would probably start locking that cabinet up from that point on.

Well, this somewhat illustrates the importance of your directory files.

They’re pretty important and you would think that people would have the decency to keep their nose out of things that don’t belong to them, but history paints another sad reality.

Truth is that your site’s directory files are on display for anyone in the world to find if they know where to look, and they’re easy to find.

You can easily discover any site’s directory files that are powered by WordPress by simply entering /wp-includes/ at the end of your base URL.

If you do this to your own site and you find a picture similar to the one pictured below, then your directory files are accessible to anyone and everyone who wants to take a peek.

Directory

That’s a bit unnerving when you consider that these files contain sensitive information and can give hackers the upper hand when finding a way to sneak in and tamper or virtually set your site ablaze.

Want to prevent that from happening? Then here is a simple fix to put your files under lock and key.

Disabling Directory Browsing On Your WordPress Site

Disable-Directory-Browsing

The good news is that the fixing this takes a simple line of code. The bad news is that it’s going to take some slight tech skills to put that code in the right place.

OK, so let’s start this off. Here is the code you’re going to use:

Options All -Indexes

Now, you’re going to want to access the .htaccess file of your site. You can do this one of two ways:

  1. Using an FTP client like FileZilla
  2. Through your File Manager in your host’s cPanel

For this tutorial, I’m going to explain how to do this through your cPanel.

How To Disable Directory Browsing

For starters, you’ll want to login to your web host and go to your cPanel.

cPanel Files

 

Next, go down to the Files section and click on File Manager. Once you click there, you’ll have a box pop up asking when files you wish to look at (the files in a certain URL).

Select the Web Root directory option, select your domain and then make sure to check the box that says Show Hidden Files.

You will then be taken to another screen listing all the files within that certain domain. Scroll through the files that appear and look for the .htaccess file.

Before you open the file, download it and keep it somewhere safe. Next, click on the file and then go to the top of the screen that says View to that you can view the file.

There you should find a few lines of code including the following:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Now take this code:

Options All -Indexes

And put it at the end of the of that code so that it now looks like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Options All -Indexes

Save your changes and you have no locked down your directory from prying eyes. You can double check this by going to your site and adding /wp-includes/ to your URL again.

If you’ve done this correctly, you will get a 404 Error or Permission Error which means that you efforts have been successful!

In Conclusion

Even though this isn’t what some would call a necessary step, it’s probably a step you should be taking anyway. Your files are important and should be kept private.

It will take a few minutes to do this, but it’s better to take the precaution and keep things safe.

How to Disable Directory Browsing in WordPress download the WordPress Theme

Download now How to Disable Directory Browsing in WordPress theme.
Review and opinions of How to Disable Directory Browsing in WordPress theme.

Rate it!
Rate this post

Leave a Reply

Your email address will not be published. Required fields are marked *

How to Disable Directory Browsing in WordPress
Voted 4.8/5 of 9 reviews.
Categories
Recent