• Dreamhost Banner Ad

How To Disable Directory Browsing On Your WordPress Blog Easily

If you have a self-hosted WordPress blog, check the following links on your favorite browser:

http://www.yourblog.com/wp-content/plugins/
http://www.yourblog.com/wp-content/plugins/akismet/
http://www.yourblog.com/wp-content/plugins/all-in-one-seo-pack/
http://www.yourblog.com/wp-content/themes/

replacing www.yourblog.com with your own domain name. You could also check other folders that you know exist on your wp-content folder.

If you see a list of files, it means that directory browsing is enabled on your blog host. This is a potential security problem because some people can check your plugins directory and exploit it if they see some of your outdated plugins. I used the Akismet and All In One SEO Pack directories as example because these are the most popular plugins I can think of.

One of the solutions to prevent this is to put a blank index.html file on your directories. I learned this from Techathand.Net. However, if you only put the index.html file on plugins directory, you only disabled directory browsing on plugins directory, and not on its sub-directories and other directories. So, you have to put index.html on all of the sub-directories to prevent them from accessing those sub-directories. But that’s a lot of work to do, isn’t it?

Here’s an easy option. You can do it easily by adding this line of code on your .htaccess file:

Options All -Indexes

Adding the lines above on your .htaccess file will disable directory browsing in all of your directories and sub-directories. They will see a 404 page instead. Got that line of code from the man with a big Adsense check. 🙂

Secure your WordPress blog. Add that single line of code on your .htaccess file. Now na! 😉

Marhgil Macuha

Marhgil Macuha is a Computer Engineering graduate of Batangas State University. He is currently a Senior Solutions Developer at a Canadian IT company.

26 Comments:

  1. OMG ! I never knew that. I am so glad I seen this blog post. Thanks a bunch.

  2. I think you should also redirect your 404 pages to a site map, this way, your “visitor” would be then be just looking at your contents and archives. 😀 this is also good for the crawlers. IMHO.

    cheers.

  3. hehe…me ganun pla…ang ginawa q before nilagyan q tlga lahat ng index.html.. ^_^

  4. nice info, I will apply in my blog

  5. haha!!! ganito ginagawa ko nuong hiskul pa ako. maganda ang idea na ito para hindi makita yung mga sekreto mong files…

  6. it is time to add those line to my .htaccess file

  7. i love this post dude, thank a lot for ur advice.

  8. Im not a coder myself sir macuha, actually the tip didn’t work out for my blog, i did a research and got a different code, i posted it in my blog.. http://hinlalato.com/hide-those-wordpress-directory-files/

    This worked for me.. kindly review if you have time? thankies.

    jayl

  9. di lang keywords pati webmaster tips ! slamat sa pag share marghil 🙂

  10. This is quite an old trick, but like what I’ve read on the comments section earlier. Some are still considering this as a new trick and it’s nice of you bringing this topic publicly.

  11. nice tutorial, thanks ulit, try ko muna sa isa kong blog. 😀

  12. waahh dia ako marunong… san ba mkita ung htaccess file? cenxa na inosente pa maxado me sa mga ganyang bagay lolz.. neways inisa isa ko nlng sa mga content and plugin ko ung blank na index.hmtl and i think nag work na man… salamat sa pag post mo nito marghil, naging aware na ang mga bloggers sa mga ganyang bagay… lalo na sa mga newbies like me.. wehehehe… buti nlng ngsubscribe ako sa blog mo at nabasa ko ito.. 😀

  13. Thanks for the tip! Akala ko safe na ko! 😀

  14. Sir, salamat po sa information 🙂

  15. good bunch of infos, thanks

  16. thanks for this info marhgil! this will be of use to me.

  17. That’s very informative and useful tip. Thanks!

  18. nice information.. thanks! gagawin ko toh.. mwah!

  19. Do you know how to upgrade the new version off wordpress? is that by FTP?

  20. guys, try nyo din sa .htaccess file nyo. this works the same way

    IndexIgnore */*

    this disallows directory browsing or file listing too..

  21. ang galing mo sir uu nga nakikita nga ang directories salamat ng madami. Ito po ginawa ko para hindi makita at 404 error msg na. punta ka lang sa cpanel tapos sa password/protect directories click ko lang yun then nilagay ko lang yung directory na password protect ko yun na ok na hehehehe.

  22. wow..thanks for the share..
    gamit ko ung tip ni dex.. ung index.html pero mukang mas super easy eto.. hehehe..

    salamat uli.. keep the blogging tips post coming..

    zalds
    nag iwan ng bakas… 🙂
    My Journey in Making Money Online – – currently checking the Chitika Premium which gave me $301 in 35days

  23. Thanks! Disabled my directory browsing.

Leave a Reply