When your web server can’t find an index file (such as index.php or index.html) in a directory, by default it displays an index page that lists the contents of that directory. This can expose your site to attack by revealing information needed to exploit a vulnerability in a WordPress plugin, theme, or your server as a whole. This is why directory browsing in WordPress must be disabled.
All you have to do to disable directory browsing in WordPress is add a single line of code to your site’s .htaccess file, which is located in the root directory of your website. To modify the .htaccess file, you’ll need to use an FTP client to connect to your website.
Once you’ve connected to your website, look for a .htaccess file in the root directory. Because .htaccess is a hidden file, if you can’t find it on your server, make sure your FTP client is set to show hidden files.
Download your .htaccess file to your desktop and open it in a text editor like Notepad to edit it. Now, simply add the following line at the bottom of your WordPress-generated code in the .htaccess file:
Options -Indexes
Save your .htaccess file and use your FTP client to re-upload it to your server. And that’s it.
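The following sketch is an added example, not code from the original page. It checks a downloaded .htaccess for an effective `Options -Indexes` and appends the line only when it is missing. The function names are hypothetical. It assumes the `# BEGIN WordPress` / `# END WordPress` markers that WordPress writes around the block it manages and may regenerate, and it reads only this one file, not the main server configuration.

```python
import re

BEGIN, END = "# BEGIN WordPress", "# END WordPress"
OPTIONS = re.compile(r"^\s*Options\s+(.+)$", re.IGNORECASE)

# Constructed sample: a typical WordPress-generated .htaccess, abbreviated.
SAMPLE = """# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
"""


def indexes_state(htaccess):
    """Return (state, durable) for directory listings as set by this file.

    state: True (on), False (off) or None (the file does not set it).
    durable: False when the deciding line sits inside the WordPress block.
    """
    state, durable, in_block = None, True, False
    for line in htaccess.splitlines():
        stripped = line.strip()
        if stripped == BEGIN:
            in_block = True
        elif stripped == END:
            in_block = False
        match = OPTIONS.match(line)  # commented-out lines do not match
        if not match:
            continue
        args = [a.lower() for a in match.group(1).split()]
        if any(a[0] not in "+-" for a in args):
            # Unsigned form replaces the whole option set (simplified).
            new = "indexes" in args or "all" in args
        elif "-indexes" in args:
            new = False
        elif "+indexes" in args:
            new = True
        else:
            continue
        state, durable = new, not in_block
    return state, durable


def disable_listing(htaccess):
    """Append 'Options -Indexes' below everything else unless already set."""
    if indexes_state(htaccess) == (False, True):
        return htaccess
    sep = "" if not htaccess or htaccess.endswith("\n") else "\n"
    return htaccess + sep + "Options -Indexes\n"
```

Running `disable_listing` on the file contents before re-uploading leaves an already hardened file unchanged, so it is safe to apply repeatedly.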
You’ve got everything you need to keep your website safe. Take the time to go over this checklist step by step, even if you only have a small WordPress site. Make sure you don’t spend time and effort creating a great website only to have it hacked by a WordPress-targeted attack. By applying the various hardening strategies outlined, you make it much more difficult for an attacker to acquire a foothold and successfully attack your WordPress website.
If you have any other questions, don’t hesitate to contact us.
For more checklists, you can visit our resources page.