What is Directory Browsing?
Directory Browsing or Directory Listing allows anyone to see all the files and folders when they access a website using web browser instead of webpage.
The web server that hosts your site not only display web pages but also the content of your web directories and other files. This happens as there is no index file (index.html. index.php etc) in the directory, therefore the web server did not receive the instruction to decide which web pages to display.
Why Disable Directory Listing?
First of all, information disclosure issue will happen if a web server is configured to display all your website contents. This would aid an attacker or hacker to attack your blog.
Imagine that all your critical and confidential contents of restricted files are displayed, a hacker will potentially exploit your website vulnerabilities like WordPress plugins, themes, core etc. This would give him important insights into website configuration.
How to Disable Directory Listing
- Firstly, we recommend you to backup your site before making any changes.
- Next, navigate to the different folders of your website in your browser to see if a list of files is displayed instead of a web page.
- If you don’t find any folders that are displaying file lists, you can stop at this step.
- Then, access the File Manager for your hosting plan. (Business Web Hosting / Email Hosting)
- Navigate to the folder that displayed a directory browsing.
- Edit the .htaccess (Linux) or web.config (Windows) file.
- Linux: at the top of the .htaccess file, insert the following line:
Options -Indexes
- Windows: in the web.config file, find and remove the following line:
<directoryBrowse>
- Linux: at the top of the .htaccess file, insert the following line:
- Save the changes to your file.
We hope this article helped you to learn about how to disable directory browsing. For more articles, please go to Knowledge Base.