{"id":2776,"date":"2016-08-15T06:09:13","date_gmt":"2016-08-15T06:09:13","guid":{"rendered":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/?p=2776"},"modified":"2022-02-19T13:29:16","modified_gmt":"2022-02-19T13:29:16","slug":"learn-disable-directory-browsing-wordpress","status":"publish","type":"post","link":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/","title":{"rendered":"Learn How to Disable Directory Browsing on WordPress"},"content":{"rendered":"<p>Disabling the directory listing in WordPress is a good practice to avoid exposing sensitive information to users and search engines, the server features in use and potential vulnerabilities in plugins, themes or a general file. This practice contributes to greater security for WordPress.<\/p>\n<p>The Apache server by default displays an index page content, files and subdirectories when it does not find an index.html or index.php file, for example. You should avoid this default behavior of directory listing to prevent navigation for your media files, plugins and themes files.<\/p>\n<p><a href=\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-content\/uploads\/2016\/08\/Example-directory-listing-WordPress-plugin.png\" rel=\"attachment wp-att-2778\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-2778 size-full aligncenter\" src=\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-content\/uploads\/2016\/08\/Example-directory-listing-WordPress-plugin.png\" alt=\"Example-directory-listing-WordPress-plugin\" width=\"544\" height=\"160\" srcset=\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-content\/uploads\/2016\/08\/Example-directory-listing-WordPress-plugin.png 544w, https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-content\/uploads\/2016\/08\/Example-directory-listing-WordPress-plugin-300x88.png 300w\" sizes=\"auto, (max-width: 544px) 100vw, 544px\" \/><\/a><\/p>\n<p>Example of directory listings of WordPress plugin<\/p>\n<h2><strong>The security issue with the directory listing<\/strong><\/h2>\n<p>Note the image above and the information displayed with the directory listing. There is a lot of information that can guide an attacker: The path of your files revealing the server folder structure. You can browse and view files and folders, so it is always suggested to avoid using file names such as archive.php.bkp, for example, that content can be read with the version of the web server, Apache \/ 2.2.22, language, PHP 5.4.4 and some modules in use.<\/p>\n<p>This server information is exposed if the ServerSignature policy is enabled.<\/p>\n<h2><strong>How to disable directory listing?<\/strong><\/h2>\n<p>The directory listing can be disabled through the Apache configuration file, the .htaccess file or simply the existence of an index.html or index.php file, for example, in the directory and subdirectories.<\/p>\n<p>It is important to understand this cascade configuration and thus opt for the safest way to disable the directory listing on WordPress. Simply put, we have the following scenario:<\/p>\n<ol>\n<li>configuration file, httpd.conf \/ apache2.conf, Apache;<\/li>\n<li>.htaccess file;<\/li>\n<li>html \/ index.php.<\/li>\n<\/ol>\n<h2><strong>Disabling directory listing through the Apache configuration file<\/strong><\/h2>\n<p>The file is usually named httpd.conf or apache2.conf and for this you can consider the following policy to prevent the listing of directories:<\/p>\n<p>&lt;Directory \/ var \/ www \/ html&gt;<\/p>\n<p>Options -DirectoryIndex<\/p>\n<p>&lt;\/ Directory&gt;<\/p>\n<h2><strong>Disabling the directory listing using the .htaccess file<\/strong><\/h2>\n<p>Consider using the policy below in the .htaccess file of your WordPress installation. This file is located in the root folder, and if you use FTP \/ SFTP you need to consider the display of hidden files.<\/p>\n<p># Disable directory listing<\/p>\n<p>Options -DirectoryIndex<\/p>\n<h2><strong>Disabling directory listing through index files<\/strong><\/h2>\n<p>These files are as famous as the quote \u201cTime is Money\u201d. In the absence of an index file in your directory themes and plugins, consider adding an index.php file, for example, to prevent directory listing.<\/p>\n<p>The file does not need to have any content. It only requires its existence. But too often it includes only a comment getting something like this:<\/p>\n<p>&lt;? Php<\/p>\n<p>\/\/ Time is Money<\/p>\n<h2><strong>What is the best strategy to disable directory listing?<\/strong><\/h2>\n<p>Our suggestion is to make use of the three alternatives and have the concept of cascade in mind, but in this context, think in reverse because some contexts are explained in detail.<\/p>\n<p>If you are developing a plugin or theme, always consider to include index.php file in all directories. You probably will not be responsible for the setup and maintenance of WordPress, so you cannot guarantee the use of the .htaccess file to prevent directory listing, which will tell the server to change the web server configuration file.<\/p>\n<p>If you are managing a website using WordPress CMS, ensure that you have made use of the index file in the directories, consider using \u00a0.htaccess file and if possible make proper changes on a server so that it prevent directory listing.<\/p>\n<p>If you are a SysAdmin, consider configuring Apache to prevent directory listing, so you ensure that in the absence of the directive in the .htaccess file or the lack of index files, directory listing does not happen.<\/p>\n<p><strong>Note:<\/strong> If you are a MilesWeb Hosting service user, you don\u2019t need to take care of this hectic and confusing task. Our technical experts disable Directory Browsing across servers. It is one of the steps that are taken for the security of our customers accounts.<\/p>\n<p>Looking for <a href=\"https:\/\/www.milesweb.co.uk\/hosting\/wordpress-hosting\">WordPress Hosting<\/a>? Look no further than MilesWeb!!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Disabling the directory listing in WordPress is a good practice to avoid exposing sensitive information to users and search engines, the server features in use and potential vulnerabilities in plugins, themes or a general file. This practice contributes to greater security for WordPress. The Apache server by default displays an index page content, files and [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":2779,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-2776","post","type-post","status-publish","format-standard","has-post-thumbnail","placeholder-for-hentry","category-web-hosting-faq"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.2 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Learn How to Disable Directory Browsing on WordPress - Web Hosting FAQs by MilesWeb<\/title>\n<meta name=\"description\" content=\"Knowledgebase includes a step by step process to to Disable Directory Browsing on WordPress website for security enhancement of the hosting account.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Learn How to Disable Directory Browsing on WordPress - Web Hosting FAQs by MilesWeb\" \/>\n<meta property=\"og:description\" content=\"Knowledgebase includes a step by step process to to Disable Directory Browsing on WordPress website for security enhancement of the hosting account.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/\" \/>\n<meta property=\"og:site_name\" content=\"Web Hosting FAQs by MilesWeb\" \/>\n<meta property=\"article:published_time\" content=\"2016-08-15T06:09:13+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-19T13:29:16+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-content\/uploads\/2016\/08\/disable-directory-browsing-wordpress.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"315\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Pravin Ganore\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Pravin Ganore\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/\",\"url\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/\",\"name\":\"Learn How to Disable Directory Browsing on WordPress - Web Hosting FAQs by MilesWeb\",\"isPartOf\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-content\/uploads\/2016\/08\/disable-directory-browsing-wordpress.jpg\",\"datePublished\":\"2016-08-15T06:09:13+00:00\",\"dateModified\":\"2022-02-19T13:29:16+00:00\",\"author\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/9f6aad74f4af57132ba60117b4ab3ea6\"},\"description\":\"Knowledgebase includes a step by step process to to Disable Directory Browsing on WordPress website for security enhancement of the hosting account.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/#primaryimage\",\"url\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-content\/uploads\/2016\/08\/disable-directory-browsing-wordpress.jpg\",\"contentUrl\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-content\/uploads\/2016\/08\/disable-directory-browsing-wordpress.jpg\",\"width\":800,\"height\":315},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Learn How to Disable Directory Browsing on WordPress\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website\",\"url\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/\",\"name\":\"Web Hosting FAQs by MilesWeb\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/9f6aad74f4af57132ba60117b4ab3ea6\",\"name\":\"Pravin Ganore\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0cc3f850bd88b8c03fef8afc4399e314?s=96&d=blank&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0cc3f850bd88b8c03fef8afc4399e314?s=96&d=blank&r=g\",\"caption\":\"Pravin Ganore\"},\"description\":\"Pravin is Journalist Specializing in Blogging, Social Networking and Community Management. As a constant learner, he is always aiming towards new ideas and greater knowledge. When he is not doing research, reading, or writing for blogs, you can find him hanging around social media sites.\",\"url\":\"https:\/\/www.milesweb.co.uk\/hosting-faqs\/author\/pravin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Learn How to Disable Directory Browsing on WordPress - Web Hosting FAQs by MilesWeb","description":"Knowledgebase includes a step by step process to to Disable Directory Browsing on WordPress website for security enhancement of the hosting account.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/","og_locale":"en_GB","og_type":"article","og_title":"Learn How to Disable Directory Browsing on WordPress - Web Hosting FAQs by MilesWeb","og_description":"Knowledgebase includes a step by step process to to Disable Directory Browsing on WordPress website for security enhancement of the hosting account.","og_url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/","og_site_name":"Web Hosting FAQs by MilesWeb","article_published_time":"2016-08-15T06:09:13+00:00","article_modified_time":"2022-02-19T13:29:16+00:00","og_image":[{"width":800,"height":315,"url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-content\/uploads\/2016\/08\/disable-directory-browsing-wordpress.jpg","type":"image\/jpeg"}],"author":"Pravin Ganore","twitter_misc":{"Written by":"Pravin Ganore","Estimated reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/","url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/","name":"Learn How to Disable Directory Browsing on WordPress - Web Hosting FAQs by MilesWeb","isPartOf":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/#primaryimage"},"image":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/#primaryimage"},"thumbnailUrl":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-content\/uploads\/2016\/08\/disable-directory-browsing-wordpress.jpg","datePublished":"2016-08-15T06:09:13+00:00","dateModified":"2022-02-19T13:29:16+00:00","author":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/9f6aad74f4af57132ba60117b4ab3ea6"},"description":"Knowledgebase includes a step by step process to to Disable Directory Browsing on WordPress website for security enhancement of the hosting account.","breadcrumb":{"@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/"]}]},{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/#primaryimage","url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-content\/uploads\/2016\/08\/disable-directory-browsing-wordpress.jpg","contentUrl":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-content\/uploads\/2016\/08\/disable-directory-browsing-wordpress.jpg","width":800,"height":315},{"@type":"BreadcrumbList","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/learn-disable-directory-browsing-wordpress\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/"},{"@type":"ListItem","position":2,"name":"Learn How to Disable Directory Browsing on WordPress"}]},{"@type":"WebSite","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#website","url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/","name":"Web Hosting FAQs by MilesWeb","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-GB"},{"@type":"Person","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/9f6aad74f4af57132ba60117b4ab3ea6","name":"Pravin Ganore","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0cc3f850bd88b8c03fef8afc4399e314?s=96&d=blank&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0cc3f850bd88b8c03fef8afc4399e314?s=96&d=blank&r=g","caption":"Pravin Ganore"},"description":"Pravin is Journalist Specializing in Blogging, Social Networking and Community Management. As a constant learner, he is always aiming towards new ideas and greater knowledge. When he is not doing research, reading, or writing for blogs, you can find him hanging around social media sites.","url":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/author\/pravin\/"}]}},"views":2238,"_links":{"self":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts\/2776","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/comments?post=2776"}],"version-history":[{"count":6,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts\/2776\/revisions"}],"predecessor-version":[{"id":13900,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/posts\/2776\/revisions\/13900"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/media\/2779"}],"wp:attachment":[{"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/media?parent=2776"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/categories?post=2776"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.milesweb.co.uk\/hosting-faqs\/wp-json\/wp\/v2\/tags?post=2776"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}