WordPress Help

Disable directory browsing

Directory browsing allows anyone to see all the files in a folder and their contents. To help secure your site, you'll want to use your hosting's file manager to edit the files.

  1. You should always backup your site before making any changes.
  2. Navigate to the different folders of your website (ex. http://coolexample.com/wp-content) in your browser to see if a list of files is displayed instead of a web page.
  3. If you don't find any folders that are displaying file lists, there are no further steps for you to follow.
  4. Access the File Manager for your hosting plan. (Web Hosting / cPanel / Plesk)
  5. Navigate to the folder that displayed a directory listing.
  6. Edit the .htaccess (Linux) or web.config (Windows) file.
    • Linux: at the top of the .htaccess file, insert the following line:
      Options -Indexes
    • Windows: in the web.config file, find and remove the following line:
      <directoryBrowse>
  7. Save the changes to your file.

You have now disabled directory browsing. If you are still able to browse the directory in your browser, you will want to consider clearing your browser cache, trying another browser, or review the steps again for accuracy.

More info