How To Disable Directory Browsing Using .htaccess File

July 18th, 2016 | by Ravi Chahar || 4 Comments |

There are many files stored on your web hosting server. Some of the directories are special and have a strong need to get protected. If you notice that your wp-incudes directory is showing or indexing in the Google then what would you do? You should disable directory browsing in WordPress so that all the directories like wp-includes, wp-content won’t be seen by anyone. 

You all know that in the wp-content directory all of your plugins and the theme you are using on your WordPress website are present. If users can access this file then you are inviting the hackers. You are showing the vulnerability of your website.

Why Should You Disable Directory Browsing In WordPress

There are many bloggers who don’t even think about these things. You can build an enormous website but it can’t be done without the security of your WordPress website. You should know all the possibly vulnerable files and directories which should be protected by you.

If the directory with the name wp-includes is showing then you are allowing the users to check all the images and many sensitive data from your website to access. You know that hackers seek for such kind of vulnerabilities in your website.

So you should know how to disable directory browsing using .htaccess. In this post, I am going to provide you the best way to hide your directories.

Use The .htaccess File To Accomplish This Task

You can check whether the wp-includes directory can be seen by your users or not. It can be done by typing your domain name followed by the directory name.

http://www.yourwebsite.com/wp-includes

If you can see the content of this directory then you should disable it’s browsing. You can do that using the .htaccess file. There is a simple code of one line which should be embedded in the .htaccess file using the cPanel of your web hosting account. To edit the .htaccess file you have to follow some steps:-

Step 1:- Login to your cPanel and go to the “files” section.

Step 2:- Click on the “file manager” option and then “go”. Make sure that you have enabled to show the hidden files of your “webroot” directory. It’s because your .htaccess file is the hidden file which can be noticed by the dot.

Step 3:- Find the .htaccess file and right click on the file. Choose an “edit” option and your file will open for you to edit.

Step 4:- The code shown below should be written in the bottom of the .htaccess file and then click on the save button.

Options -Indexes

Now you can check it again by typing the domain name followed by the directory name. There will be an error 403 showing.

Now you have successfully disabled the browsing of your wp-includes directory and no one can see the content of this directory.

Can You Now Disable Directory browsing in WordPress

There are many important things people forget to do for their WordPress website. As I always say, WordPress security is the most important thing to do.

You can’t allow anyone to ruin your hard work within few minutes. Sometimes when wp-content and wp-includes directories get indexed then you remove the URL from Google but it doesn’t mean your users can’t see the content by typing the URL.

To restrict the access you should know how to disable directory browsing using htacccess file. The code shown above works fine and you would be happy to see the results.

Taking another step towards securing your WordPress website is needed. Just copy and paste the code. If you still face any problem then I am here to help you.

You can connect with us on Twitter, LinkedIn, and Facebook.