
How to Disable Directory Browsing in WordPress using .htaccess

A self-hosted WordPress blog usually lives on a server that also allows FTP browsing. In most cases, anyone who knows the location can browse your web directory if you have not disabled directory browsing. This puts your WordPress blog in danger and makes it prone to hacking.


On top of that, a visitor can browse your file structure and find out which themes and plugins you are using. Plugins such as Disable directory listings can turn directory browsing off for you, but as I keep recommending, it’s a good idea to get more work done without using a plugin. In this tutorial, I will share how you can stop directory browsing in WordPress using the .htaccess method.

If you are using the WordPress SEO by Yoast plugin or the Robots meta plugin, you can edit your .htaccess file from the WordPress dashboard. Otherwise, you need to use an FTP client to access your file server and edit your .htaccess file. On Mac OS you can use Cyberduck, and on Windows you can use FileZilla.

How to Disable Directory Browsing in WordPress using .htaccess:

Here I will cover the FTP method of editing your WordPress .htaccess file, but you can always use a plugin to edit the file. With the WordPress SEO by Yoast plugin, go to SEO > Edit files and you will be able to make changes to the file. If you are using the Robots meta plugin, go to settings > Meta robots and edit your .htaccess file there.

The only thing you need to do is add a single line of code (shared at the bottom) to your .htaccess file, and that will disable WordPress directory browsing. Log in to your hosting FTP account, and at the root you will find the .htaccess file. If you are using FileZilla or web-based FTP, you may need to enable “Show hidden files” to see your .htaccess file. Before you make any change, I recommend creating a backup of the existing .htaccess file.

By default, the WordPress .htaccess file contains the following code:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Stop WordPress directory browsing: all you need to do is add a single line of code:

Options -Indexes

And your final .htaccess will look like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

# Turn off auto-generated directory listings
Options -Indexes

That’s it: directory browsing is now disabled on your WordPress blog, and your blog is more secure. You can check out our related resources to make your blog more secure.
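
To confirm the change took effect on your own site, the following added example (not part of the original post) requests a few directories of a stock WordPress install and reports whether Apache still returns an auto-generated listing. The function names, the sample response bodies and the `https://blog.example` URL are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original post). Checks whether directory URLs
# still return an Apache mod_autoindex listing after the .htaccess change.

# Constructed sample bodies for trying classify_response offline.
SAMPLE_LISTING='<html><head><title>Index of /wp-content/uploads</title></head>
<body><h1>Index of /wp-content/uploads</h1><a href="2024/">2024/</a></body></html>'
SAMPLE_FORBIDDEN='<html><head><title>403 Forbidden</title></head>
<body><h1>Forbidden</h1></body></html>'

# Succeeds if the body on stdin has the title/heading mod_autoindex generates.
is_autoindex_body() {
    grep -qiE '<(title|h1)>Index of /'
}

# classify_response STATUS BODY -> prints LISTING, BLOCKED or NO_LISTING
classify_response() {
    if [ "$1" = "200" ] && printf '%s\n' "$2" | is_autoindex_body; then
        echo "LISTING"        # directory browsing is still enabled
    elif [ "$1" = "403" ]; then
        echo "BLOCKED"        # what Apache returns once Indexes is off
    else
        echo "NO_LISTING"     # e.g. an index.php answered, or 404
    fi
}

# check_site BASE_URL: probe directories of a stock WordPress install.
check_site() {
    cs_base="${1%/}"
    cs_tmp="$(mktemp)"
    cs_rc=0
    for cs_dir in wp-content/uploads/ wp-includes/ wp-content/plugins/ wp-content/themes/; do
        cs_status="$(curl -s -o "$cs_tmp" -w '%{http_code}' --max-time 10 "$cs_base/$cs_dir")"
        cs_result="$(classify_response "$cs_status" "$(cat "$cs_tmp")")"
        printf '%-26s %-10s HTTP %s\n' "/$cs_dir" "$cs_result" "$cs_status"
        [ "$cs_result" = "LISTING" ] && cs_rc=1
    done
    rm -f "$cs_tmp"
    return "$cs_rc"
}

# Usage: sh check_listing.sh https://blog.example   (placeholder URL)
if [ "$#" -gt 0 ]; then
    check_site "$1"
fi
```

Any row marked LISTING means the `Options` line is not being applied to that directory; the script exits non-zero in that case.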
