It's reported that 30,000 new websites become hacked every day, and your WordPress site is not exceptional. It might go the next target of hackers without your find. Hackers utilise multiple methods in an attempt to control your site, from guessing your passwords to injecting your database or even exploiting your uploads.

Another common and easy manner for sick-intentioned users to break your WordPress site comes to the directory listing/browsing. But what is this result? Why do site owners try to avert it? And how to disable it?

Simply sit back, relax, and allow's dig into the answers to all these questions via our large picture of WordPress directory browsing.

What Is Directory Browsing in WordPress

Normally, your WordPress binder in the root directory contains an index.php, index.htm, or alphabetize.html file. These files will record what the webserver runs and loads on your site when entering that folder.

If your webserver tin't discover an index file, it'll automatically create a new index page and brandish the content of the directory.

To check if your directory is available to the public, you should enter http://case.com/wp-includes/ while example.com is your domain. In case it shows you lot a forbidden bulletin of "You lot don't accept permission to access /wp-includes/ on this server.", information technology's a good sign. Your site is already secure and you don't demand to take any further action.

pda-wp-includes-file-permission

When you meet a list of files in the search results, this means that your directory browsing is enabled on your site and you need to articulate it immediately.

Simply how this directory browsing problem affects your site that forces you lot to disable it? These 2 master reasons volition give you lot the answer.

Why Disabling Directory List in WordPress

  • Create vulnerability holes

As mentioned, if your directory list is available to the public, hackers will have a good chance to wait around your site construction, know everything in the /wp-content file, including the versions of plugins, themes, and core platform.

Outdated plugins with vulnerability holes seem like open gates for attackers to inject malware to your site. Consequently, they may rape your admin area, delete pages, or fifty-fifty worse, shut the entire site down.

  • Lose important data

Content theft is another reason requiring you to hide your directory browsing. Showing your files and images on the /wp-includes page can pave the way for shady users to steal your commercial or personal private files.

You have 2 solutions to deny straight access to WordPress site folders and protect your private data, either manually using cPanel or installing the PDA Golden plugin. Nosotros'll walk you through each method with a detailed guide.

How to Disable Directory Listing in WordPress via cPanel

To apply this way, you accept to log into your web hosting account and become to cPanel. After that,

  1. Head to the Files department and open up the File Manager folder
    pda-cpanel-files-manager
  2. Pick the Web Root managery option from the popup box then select your domain
  3. Bank check the box saying "Show Hidden Files"
  4. Await for the .htaccess file. Then download it to your desktop to edit
  5. Add this code to the bottom of the file in your local device 
    Options -Indexes

    This is how the new lawmaking in the file looks like:

    # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index.php$ – [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /alphabetize.php [L] </IfModule> # END WordPress Options All -Indexes
  6. Upload this file with the new code  and dorsum to your server

That'due south it! You've successfully disabled the directory browsing on your WordPress site. Those who are trying to locate a directory alphabetize on your website will exist redirected to a forbidden page.

Disable Directory Indexing Using The PDA Gold Plugin

Primarily coming as a media file protection plugin, Foreclose Straight Access (PDA) Gold likewise proves an constructive solution to cease users from viewing your folder structures. You can block directory browsing in different web servers such as Apache, NGINX, and Microsoft Internet Information Services (IIS).

The following instruction will prove you how to get started with the plugin:

  1. Download the PDA Gold plugin via a zip file format
  2. Become to PluginsAdd NewUpload plugin in your admin dashboard and choose the zip file you've only downloaded
  3. Enter the license cardinal and activate the plugin
  4. Open the plugin Settings folio right in your navigation menu
    pda-gold-settings
  5. Scroll down to the OTHER SECURITY OPTIONS department and enable the "Disable Directory Listing" feature
  6. Save your changes

As presently equally you lot turn on the feature, the plugin automatically adds the code Options All -Indexes to the bottom of your .htaccess file. You don't have to touch your spider web servers which might accidentally affect your site operation.

Detect Other Powerful Functionalities of PDA Gilded

Besides denying directory listing, there are a lot of things y'all tin can play with this plugin. Information technology allows yous to protect your WordPress media files from unauthorized users.

Exercise yous own an online form website? Or are you a lensman selling artworks and event photos to customers? Whoever you lot are, this plugin is merely your way to go.

Once protected, your files get invisible to the public, including search engines. Readers searching for your files volition be redirected to a 404-page in spite of having the original URLs. Only specific users, such as admins, members of your site, or your selective customers have the correct to admission your files.

Too, you can create special individual links to the protected files and send them to users. Notwithstanding, users take permission to view them in only a given period of time or after a number of clicks. Sounds interesting, right?

Release Worry near WordPress Directory Browsing

Directory listing tin can create an open gate for hackers to attack your site since they can see the full binder construction. They'll find out which plugins or themes are outdated and take advantage of their vulnerability holes.

You accept 2 choices when looking for a solution to disable directory listing on your WordPress site: using cPanel or the PDA Gilded plugin. While the former forces you to add code to the .htaccess file, the latter handles/takes all the chore by automatically doing this for y'all. All you demand to exercise is installing the plugin and enable the characteristic.

PDA Golden also gives you more than capabilities than only denying directory listing access. Give it a try to discover more!