How to Disable Directory Browsing of WordPress website?
Now-a-days, WordPress is the most common web application software that allows user to manage their website content and improves the presentation of the website too. Well, having a website has become easy with the coming era of digitalization and managing its security as well. There are so many websites on the internet that it is hard to get which is the genuine one. That is why, user prefer to have SSL certificates while launching website on search engine. There are multiple articles that explains security of website and about SSL certificates.
Thus, it is quite often that websites have vulnerabilities that leads to unauthorized access and user do not even get the reason easily. Some of the vulnerabilities are related to login credentials, outdated themes or plugins or many more. One such vulnerability is directory browsing.
What is Directory Browsing?
Directory browsing means browsing files or directories from the URL. That means when you can access the files or directories of website from web browser and instead of web page, list of files and directories appear. This is because the web server that hosts your site can not only display the web pages but also the contents of web directories and files. The reason of this is absence of index file (index.html, index.php etc) in the in the domain directory.
Index file is the first file that a web server searches when a user enters a website URL. Thus, when server did not find any index file in the domain directory then it displays the list of all files and directories.
Most of the web servers are configured not to display the contents of the files and directories. But sometimes, may be for some experiments you have modified the index file, this will also result in listing of website files and directories and thus it will become easier to have unauthorized access on your website and its data. Thus, disabling directory browsing is a security measure.
Now, it could be understood what directory browsing is and you may have observe it as well. The things are similar in WordPress website also. When you install WordPress, a default directory gets created in the File Manager section in cPanel. This directory has all necessary files and directories including index file. If because of some reasons you have deleted or modified any changes in the index file of WordPress directory then list of all files and directories would be displayed. Today, I’m sharing an article that explains about the methods to disable directory browsing in WordPress website. The methods would be same even if you are not using WordPress website.
Well, the procedure illustrated below can be done from cPanel File Manger section. To do the same, login to your cPanel and get inside File Manager section.
On the next page, list of files and directories will appear. From here, select the directory for which you want to disable directory browsing, i.e of your WordPress directory.
Now from here, you can follow any of the below mentioned steps to disable directory browsing.
#1. Change Permission of WordPress or Domain Directory
- Right click over the file, and select the option Change Permisions.
- Assign the permission as directed in the below image and Change Permissions.
Assigning the permission as 771, will restrict the permission and no visitor can access the directory from the outside and the page will display an error message.
#2. Manage Indices
- Right click over the WordPress Installation directory or domain directory.
- List of options will display. Select Manage Indices and proceed.
- On the next page, you will get the options with which you can customize the way a directory will be viewed on the web.
- Select the option No Indexing from the list and then Save.
- You will receive a message that the index settings have been updated successfully.
Now, even if you missed the index file, your files and directories would not get any unauthorized access.
#3. Editing .htaccess file
.htaccess files allows user to manage multiple things related to website just by adding or deleting codes within it. Here also, adding simple code in this file will disable the directory browsing and thus saves your files or directories being displayed on the web browser.
- Find .htaccess file in your WordPress installation directory or inside domain directory.
- Right click over the file and Edit.
- Add the given code, to the beginning of the file.
Options -Indexes
- Click over Save Changes.
That’s it !
This code will disable directory browsing in your WordPress website.
You can apply the above given procedure to your normal website as well. Hope the article better explains the procedure to disable directory browsing for WordPress website. We have written many articles on WordPress and related topics that help you better manage your website at your own desk. For more articles you can refer to the blog at www.blog.redserverhost.com.