How To Disable Directory Browsing On Your WordPress Blog Easily

If you have a self-hosted WordPress blog, check the following links on your favorite browser:

http://www.yourblog.com/wp-content/plugins/

http://www.yourblog.com/wp-content/plugins/akismet/

http://www.yourblog.com/wp-content/plugins/all-in-one-seo-pack/

http://www.yourblog.com/wp-content/themes/

replacing www.yourblog.com with your own domain name. You could also check other folders that you know exist on your wp-content folder.

If you see a list of files, it means that directory browsing is enabled on your blog host. This is a potential security problem because some people can check your plugins directory and exploit it if they see some of your outdated plugins. I used the Akismet and All In One SEO Pack directories as example because these are the most popular plugins I can think of.

One of the solutions to prevent this is to put a blank index.html file on your directories. I learned this from Techathand.Net. However, if you only put the index.html file on plugins directory, you only disabled directory browsing on plugins directory, and not on its sub-directories and other directories. So, you have to put index.html on all of the sub-directories to prevent them from accessing those sub-directories. But that’s a lot of work to do, isn’t it?

Here’s an easy option. You can do it easily by adding this line of code on your .htaccess file:

Options All -Indexes

Adding the lines above on your .htaccess file will disable directory browsing in all of your directories and sub-directories. They will see a 404 page instead. Got that line of code from the man with a big Adsense check. :)

Secure your WordPress blog. Add that single line of code on your .htaccess file. Now na! ;)

Marhgil Macuha

Marhgil Macuha is a Computer Engineer by profession. He is a professional network marketer in the Philippines, with business partners all over the world.

Facebook Comments

Leave a Reply