How to Disable Directory Browsing in WordPress: Quick Guide

Do you want to disable directory browsing in WordPress? If you are looking for a simple method, keep reading this article.

Directory browsing in WordPress lets anyone view a list of files and folders stored on your website when there’s no index file present.

While this setting might seem harmless, it can expose sensitive information like plugin names, theme files, or configuration data, making your WordPress site vulnerable to attacks.

Disabling directory browsing in WordPress is one of the easiest ways to protect your site’s core files and improve overall security.

In this quick guide, we’ll explain what directory browsing is and show you how to disable it safely using cPanel or FTP.

First, let’s see what directory browsing is and why it is a bad thing.

What is Directory Browsing

Directory browsing is a server feature that lets visitors view a list of files and folders within a website directory when there’s no default index file, such as index.php or index.html.

For instance, if someone visits a directory like example.com/wp-content/uploads/, they can see all the files and subdirectories stored there. Your web server’s configuration controls this feature and can be enabled or disabled depending on your setup.

Why Disable Directory Browsing in WordPress

Disabling directory browsing in WordPress is essential for maintaining your website’s security and privacy. When directory browsing is enabled, visitors can see a list of files and folders within your site’s directory through a browser.

This may expose sensitive information, configuration files, or even plugins and themes used on your WordPress website. Hackers can use this data to find vulnerabilities in your setup.

By disabling directory browsing using your .htaccess file or using a file manager plugin, you can protect your site and prevent unauthorized access to important files.

How to Check Whether the Directory Browsing is Enabled or Not

Before you disable directory browsing on your WordPress site, it’s important to confirm whether it’s already enabled. You can easily test this without logging into your WordPress dashboard or using any plugin like Sucuri.

To check, open your browser and enter your website’s domain name followed by a directory path, like https://yourdomain.com/wp-includes/. If directory browsing is enabled, you’ll see a list of files and folders on that page. However, if directory browsing is disabled, you’ll either get a blank page or an error (such as a 403 Forbidden message).

If you’re using an Apache web server, you can also confirm this through your hosting File Manager or via FTP, especially when adjusting your .htaccess file settings.

How to Disable Directory Browsing in WordPress

In this section, we’ll go through a few effective ways to disable directory browsing on your WordPress website, including:

• Using the .htaccess file on Apache servers
• Through cPanel File Manager

Each method offers a quick and reliable way to protect your website and prevent exposure of sensitive information.

1. .htaccess Method

If you need a simple method, follow these steps. Most SEO plugins, such as Yoast and Rank Math, come with an htaccess editor option.

So, you do not need to use any other dedicated plugins to edit the htaccess file. In this case, we are utilizing the Rank Math plugin to manage on-page SEO optimization.

Now, you will see the htaccess editor option.

Paste the code

Options -Indexes

Once you have made those changes, save them.

If you need an alternative method to disable directory browsing on your WordPress website or WooCommerce store, follow the next step.

2. File Manager Method

Here, you will use a dedicated file manager plugin to access and edit the .htaccess file directly. The plugin we use and recommend is File Manager.

After activating the plugin, you can see the file manager option on the left-hand side.

Once you have opened it, you will see all the files that are present on the server. From there, select the htacess file and choose the code editor.

Now, you need to paste the code below into the file.

Options -Indexes

Save and update the file too.

From now on, the directory browsing feature will be disabled on the website.

Which method is more convenient for you?

Disable Directory Browsing on NGINX Servers

If your WordPress site is hosted on an NGINX web server, disabling directory browsing is a straightforward process. Unlike Apache, NGINX doesn’t use an .htaccess file; instead, you’ll need to modify the server configuration file directly.

To disable directory browsing on your WordPress site, access your server via FTP or your hosting provider’s File Manager. Open your NGINX configuration file (usually located in /etc/nginx/sites-available/) and find the relevant server block for your domain name. Inside that block, add the following line:

autoindex off;

After saving the changes, restart NGINX using your hosting control panel or command line. This step will protect your website and ensure directory browsing is fully disabled.

Frequently Asked Questions

Now, let’s see some of the frequently asked questions regarding this topic.

Conclusion

Disabling directory browsing in WordPress is a simple yet powerful way to strengthen your website’s security. When directory browsing is enabled, it allows anyone to view your site’s file structure, which can expose sensitive information and lead to vulnerabilities.

By updating your .htaccess file or using a file manager plugin, you can easily disable directory browsing on your website and protect your files and folders. Whether you’re using cPanel, FTP, or a plugin like Sucuri, the process takes only a few minutes.

Keep your WordPress site safe, prevent unauthorized access, and make sure directory browsing is disabled to maintain a secure and professional web presence.

Do you know any other method to disable directory browsing in WordPress and WooCommerce?

Let us know in the comments.