How to Disable Directory Browsing in WordPress?

Disable Directory Browsing in WordPress

One way to boost the WordPress security is to disable directory browsing in WordPress.

Typically, the webserver has disabled directory listing by default. But sometimes, the case could be different, and the directory could become accessible with this URL.

At that moment, it becomes critical to disable the directory from the WordPress site.

In this short blog post, I will tell you what directory browsing is, why it is a security concern, and how you can overcome it.

What is Directory Browsing in WordPress?

WordPress runs on the PHP server. It includes PHP, an operating system, database, and a webserver.

The database is where the site’s data is located. Every site needs a source for data. 

Now, a directory is a location where the files are stored. For WordPress files, a directory can be found in the database. Typically they will be in the hierarchical file system for the ease of navigation.

These directories should be hidden and restricted to public users due to security issues. 

Though, due to incorrect server configuration, directory browsing gets unlocked in WordPress. When that happens, anyone can browse the directory files of the websites.

Disable Directory Browsing in WordPress

Why should you disable directory browsing in WordPress?

The directory may contain sensitive information that hackers could use to take control of the website.

The wp-content directory has all information about the themes you are using, plugins, configurations and other information.

Anyone can surf the files and find the information that could help the hackers to exploit the website.

After disabling it, no one can access it.

forbidden Disable Directory Browsing

How to disable directory browsing in WordPress?

In this article, I will tell you three easy to follow methods to disable directory browsing.

  1. Disable directory browsing with WordPress Plugin
  2. Disable directory browsing with cPanel
  3. Disable directory browsing with .htaccess

Disable directory browsing with WordPress Plugin

Like every WordPress function & task, there are WordPress plugins to restrict the directory browsing for the public.

Disable Directory Browsing in WordPress WordPress Plugin

Most of the WordPress plugins to disable directory browsing are not up to date and are not secure.

If you are using any security plugins, such as Wordfence, or Sucuri, check if the plugins provide the function to disable directory browsing.

I suggest not to use plugins as there are not quality plugin available, and you can do it manually quickly and easily.

Disable directory browsing with cPanel

We will be using the File Manager in this method. Whether your host has provided you cPanel, Plesk or any other panel, you can follow this guide. Most of the hosting panel is similar.

Step 1: Log in to cPanel and locate the File Manage under the files section.

cPanel File Manager

Step 2: Find the public_html

The next page will load the panel. Panel on the left panel display all the top directories of the websites. The right side panel displays all the directories and files within the directory.

The public_html directory is in home_directory. Make sure the home_directory is load from the left pane.

WordPress Directories

After selecting the home directory from the left panel, search the right-side panel for the public_html file.

Public Html Directory

Step 3: Edit the Indices of public_html

Click on the public_html file, and it will open a tray of options. From there, choose ‘Manage indices’. On the next page, you will find the option to allow or disallow the directory index to show.

No Indexing WordPress Directory Browsing

Select the No Indexing option and hit the have button. And it’s done.

You will get the confirmation message like this:

indexes are off 1 Disable Directory Browsing

Check the website wp-includes page, and you will see the forbidden page instead of a directory.

Disable directory browsing with a .htacces file editor

The third method is to use the .htaccess file to turn off the indices.

.htaccess file consists of the command for the servers. We will add one more command to the file.

If it’s your first time, and you are not much aware of .thaccess files, take your website’s breakup.

It’s up to you how you want to edit the .htaccess file of your WordPress site. You can do it from a WordPress plugin, or via cPanel File Manager.

Here the plugin to edit the .htaccess file:

  • WP htaccess Control
  • Htaccess File Editor
  • .htaccess Site Access Control
  • WP htaccess Optimize

In this post, I will edit the .htaccess file from cPanel.

Step 1: Open the File Manager from the cPanel.

As mentioned above, login into your cPanel. Find the file manage under the Files section.

The .htaccess file will be in the public directory. 

Step 2: Editing the .htaccess file.

Click on the .htaccess file, and select the edit option from the tray.

Editing .htacces file editor

The next page will open the editing option for the htaccess file.

Editing htaccess file

Step 3: Add the line of code.

Add the following line of code into the .htaccess file.

Options -Indexes

Save the changes. The directory listings are disabled now.

Final Words

In most cases, any of the three mentioned methods will work fine to disable directory browsing in WordPress.

  • Plugin Method: Not recommended to download a plugin for this. If the already installed security plugin has this option, then go for it.
  • No Indexing: Secure and easy to follow method to forbidden the directory listing.
  • Adding code to .htaccess file: Another secure and straightforward method, but don’t mess with .htaccess file if you are not aware of it.

If nothing works, you can contact your hosting provider to solve the issues. You can also leave your doubts and questions in the comment box.

Latest WordPress Tips, Guides, & News

Stay updated with new stuff in the WP ecosystem including exclusive deals, how-to articles, new plugins, and more. 100% WordPress Goodness, a promise!

4 thoughts on “How to Disable Directory Browsing in WordPress?”

  1. Happy to see someone has finally discussed how to do this server side via cPanel.
    I honestly think that blocking indexes via cpanel server side is the best way as opposed to doing this in htaccess. For eg. If someone was to gain access to your htaccess file they can simply remove this. But, if you do this server side via cpanel you are pretty much rock solid in this respect.

    Thank you. This was the answer I was looking for

  2. greemus software

    Thank you so much for this valuable post. This is what I was actually looking for. I will also bookmark this page for future help.

  3. Thank you so much for this valuable post. This is what I was actually looking for. I will also bookmark this page for future help.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top

We can help you. Right now.

Fast growing merchants depend ServerGuy for high-performance hosting. Experience counts. Let's get started.

Talk to a sales representative

USA / Worldwide




Core Web Vitals Book COver

Is your website ready for Core Web Vitals?

Take this FREE book with you and optimize your store for speed.

Learn all about new Google new ranking factors and get that top ranking.