How to disable directory listing in WordPress website [updated]
What is directory listing?
Directory listing is a web server feature that enabled it to list the content of your website directories when there is no index file (e.g. index.php or index.html) present.
If there is no index file is present in web-accessible folder access through a web browser, It will list the content and show it to the user. It may create certain security bridges or makes your site more vulnerable to attack by hackers.
It can include your Server information, WordPress themes, and plugins information, and more. Hackers may take advantage of any security loopholes of your themes and plugins and attack your site in many ways.
So, It is better to Disable the directory listing of your website and prevent search engines like Google to index those directory files. It will make the tasks of hackers much more difficult and works as an extra layer of security for your website.
If you disable the directory listing from your server then the attacker might use automated tools to get the information, but it drastically reduces the chances of your site being hacked.
How to check directory listing of a website?
If you want to check the directory listing of your site then you can check it by using free tools.
Just search for Directory Browsing Test and enter your website URL and then it will analyze your website and show you the result.
If your directory listing is enabled on your WordPress website then follow the below steps to disable it and increase your website security.
How to prevent directory listing vulnerability of a website?
There are many ways you can prevent directory listing from being index on search engines.
Method-1: Manually disable directory listing
In the first method, You can create an empty file and name it as an index.asp, index.php, or index.html and save it to that folder that you don’t want to index. and you have to do it in all folders on your database. But I don’t recommend this as it takes lots of time and effort.
You don’t want to create the index file in each and every folder. That’s why you can use the second method discussed below.
Method:2 Using the C-panel
Many hosting providers provide a one-click solution to this problem. Just go to the C-panel and search for an option called indexes. Check the below screenshot as a reference.
After clicking the indexes option you will see the root directory of your website. Here you will see an option like public_html. Here all your website data like themes, plugins, and backups are located. So You have to hide these public details for your website security. By default, some service providers won’t disabled it.
So after clicking the Public_html file you will see an option as shown in the below screenshot. Click on no indexing and save it. Now you successfully disabled the directory listing of your wordpress site.
Method-3 Using .htaccess file
If your website runs on an Apache server then you can disable directory listing by editing the .htaccess file.
Go to the root directory of your website and search for the .htaccess file. This is a hidden file and if you don’t see this file then you have to enable the show hidden file option.
Edit that file and add the code -indexes code and save it. You can see the screenshot as shown below.
If you are using the Rank math SEO plugin then You can edit the .htaccess file within the WordPress dashboard.
Note: Before changing anything in the .htaccess file, make sure to do a backup of that file. In case any error happened in the process you can restore it to the previous state.
If you are using the Nginx server then the directory listing is disabled by default. If you still found that it is enabled by some configuration change then you can disable it by accessing the nginx.conf file.
Open that file and search for the Auto index on; and change it to Auto index off; and then run service nginx restart and you are done. Directory browsing of your website is now been disabled and now your website is protected from potential hackers.
How to prevent directory listing on Hostinger hosting?
To disable directory listing on Hostinger, Go to Hostinger H-panel and scroll down to other sections. Here you will see an option called folder index manager.
After clicking this you will see an option called Setup indexing type. Here click on Apply for the whole website option and select the “no index” option below it.
Then click the Add button to save it. Now you have successfully disabled the directory listing/browsing for the whole site using the Hostinger dashboard.
This is the easiest way, you can disable directory browsing in Hostinger and no need for coding required for this.
That’s why I recommend using Hostinger hosting as it is very easy to use and you can check the complete review of Hostinger hosting here.
Conclusion:
Now we have discussed all the methods to disable directory browsing on different servers and hosting providers. But you need to remember that it is one of the security measures that you take on your website.
But hackers have now developed a new method called “Security through Obscurity” to attack your website vulnerability. So you should implement multiple security measures to prevent hackers. This concept is called “Defense in Depth“.
That’s why you should use a security plugin in your WordPress website which protects your website from malware and potential hacker.
if you have any doubts regarding disabling of directory listing in WordPress, feel free to ask me in the comment section.
If you find this Guide helpful share it with your blogging community and Subscribe to our newsletter to stay updated in the field of website security and SEO techniques.
Read also: How to enable Cloudflare platform optimization for WordPress
Definitely good to know brother. I had no idea that you could disable this or should but based on the security threat it makes sense to do this bit of tech leg work. Thanks for sharing with us.
Ryan
Yes, we should disable directory listing to improve website security as self-hosted sites like wordpress are more vulnerable because of third-party plugins.
Superb article, Abhishek.
Thanks for the awareness regarding such brutal attacks that can damage our whole site at once.
Being a non-techie lad, this was a goldmine for me.
Just disabled my “directory browsing”.
Thanks again.
Yes, we should take every precaution to safeguard our WordPress website.