Directory browsing is enable by default in almost all of the web server. Directory browsing means if the web server does not find any index file which is an index.html or index.php in the directory, it will displays the contents of that directory making the site vulnerable to attacker. Because these files may contain important information that will help the hacker to exploit your site.
To check if your WordPress site allow directory browsing, you can go to http://www.mysite.com/wp-content/uploads/ replacing mysite with your site domain provided that if wp-content/uploads/ is you uploads directory.
In this article, we will show you how to prevent directory browsing at your website. It is highly recommended to disable directory browsing.
To disable directory browsing all you have to do is add the following line at the end of your WordPress’s .htaccess file which is located at the root directory of your site.
Options -Indexes
That’s it, now directory browsing is disable in your WordPress site making your website more secure.
For questions you can always use the comment form below. You can also join us on Facebook