Do you want to stop directory browsing in WordPress? Plugins, themes, and even your hosting server can be vulnerable to attack via directory browsing, exposing sensitive information to hackers.
Directory Browsing In WordPress
Here you will know how to turn off directory browsing in WordPress.
1. In WordPress, what is Directory Browsing?
The PHP server is used to power WordPress. PHP, an operating system, a database, and a web server are all included in the package. The site’s data is stored in a database. A reliable source of information is required for every website.
On the other hand, a directory is a place where files are kept. The database contains a directory for storing WordPress files. They are usually organized in a hierarchical file system to make finding them more accessible. The public should not have access to these directories because of security concerns.
However, directory browsing in WordPress is made available due to an incorrect server setting. If this occurs, anyone can access the website’s directory files.
2. Why should you turn off browsing directories in WordPress?
Hackers could exploit the directory to gain control of the website if it contains any sensitive information. As far as themes, plugins, and other settings are concerned, everything is stored under the wp-content directory. Anyone with access to the files might look for data that will aid hackers in their attacks on the website. Disabling the feature means that no one can use it anymore.
How To Stop Directory Browsing Using.Htaccess File
FTP clients or cPanel can be used to edit the .htaccess file and prevent directory browsing in WordPress. You only need to add a single line of code to the .htaccess file in the root directory of your WordPress site to accomplish this. You can change this file from afar, but you’ll need FTP software to access your site.
Your website’s root directory contains a file called .htaccess, which is hidden from view. You may not be able to find and locate a file if you don’t have the right FTP client installed on your computer.
Download the file to your desktop when you’ve found it in the root directory. Make two copies of the file: one for editing and modifying and the other to be kept safe in case you make an unintended error.
You can now edit and alter the .htaccess file by opening it. Text editors like Notepad can be used to alter the file. Once the file has been opened, paste the following code at the end of WordPress.
Options All-Indexes
Also Read: Learn How Search Engine Performs?
1. Before altering and modifying the .htaccess file, it appears like this
BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule. /index.php [L]
</IfModule>
# END WordPress
2. This is what the .htaccess file looks like once it has been edited and modified
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule. /index.php [L]
</IfModule>
# END WordPress
Options All -Indexes
3. Steps to Take to Stop Directory Browsing in WordPress
Many methods exist to make WordPress more secure, and disabling directory browsing is one of the most frequent. Log in to your WordPress dashboard and look for the Advanced option as shown below to turn off directory indexing.
Access the File Manager by going to your hosting account >Advanced >File Manager in most cPanel-based web hosts. Open the File Manager by right-clicking on it. Once it’s opened, you’ll be able to see all of its files. Now, pick and open the file you want to make unavailable to other users.
It may look like this when the File Manager is open:
As you can see, there are a large number of files stored in the File Manager. When you choose “Right-Click” on the file, the popup window shown above will appear.
Also Read: How To Use Google Indexing API To Get your Jobs Listed By Google Jobs
4. Changing the permissions on the file is the next step
Each file has default permission, but to prevent visitors from accessing it, assign it file permission 771. This implies that the file can only be accessed by the owner and its groups and not by visitors. Enter 771 in the appropriate fields and press the Change Permissions button to change the file permissions.
Also Read: Best Community WordPress Themes
5. Disable Directory Browsing Via File Manager Indices
Change Indices instead of file permissions in this strategy, similar to the one I’ve described previously. Log in to your cPanel account and select File Manager from the WP-Admin menu. Files and folders can be found via the File Manager. Disable browsing of a certain file or folder.
Until this point, you have selected the folder and right-clicked on it to edit it. When you right-click on the folder, a popup window appears, as shown in the screenshots above. Select “Manage Indices” now.
The index manager will open with various options such as Inherit, No Indexing, Show Filename Only, and Show Filename and Description. File browsing is disabled, and search results are not displayed if you select “No Indexing.” Indexing is enabled by default for the Inherit option in most WordPress files. Change it to ‘No Indexing’ and click on that button. Finally, press the Save button after you’ve checked the No Indexing checkbox.
Also Read: Backlinks Awareness through Google Indexing
6. Disable Directory Browsing Via Directory Indexing
In your cPanel, you can turn off directory indexing, which prevents users from navigating through files and folders. Access your hosting panel by logging in with the email address associated with your web hosting account, and you’ll find menu options like Home, My Site, Domain, and Advanced.
Locate and select the Advanced option from the main menu. cPanel leads you to the Index page under the Advanced area, where you can find Terminal and Error Pages, MIME Types, and Cron Jobs.
Go to Advanced and look for Indexes; then, click on it. When you click on it, you’re taken to the Index Manager. The Current Directory may be seen here, and the Index Manager lets you configure how it appears in search results.
Your WordPress’s current directories are now visible. Select the one you wish to hide from the search results to prohibit unauthorized access to a directory. To prevent directory browsing, you can select Public HTML.
After selecting the Public HTML folder, you will be brought to the Index page, where you may configure the indexing for the selected folder in the Index Manager.
Inherit indexing is the default setting. To stop it from being indexed, you need to alter it. Check the No Indexing option and then click Save.
Also Read: The A-Z of WordPress site Indexing by Google
Conclusion
WordPress directory browsing can be disabled using any of the techniques outlined above. You may always contact your web hosting provider for assistance if all else fails.
Intersting Reads
How To Find Pop-Up Convertible Designs
