Walker News

Disable WordPress Directory Listing In Web Browser

I thought to write this post title as “How to secure WordPress directories”, but I’m not sure there are serious security risks by allowing a stranger to browse or list the WordPress directories. If there are, the web hackers and security experts will able to tell!

Other than security concerns, someone might be a kind of “anti open source” blogger who is not willing to share or recommend the nice-to-have WordPress plugins and good-looking WordPress theme templates.
For myself, at first I just thought to block web strangers from directly browsing the Uploads directory that stores images. Later on, for the sake of potential security risks, I think it’s better to turn off all WordPress directories listing in web browser.

Anyway, I do share with you the nice-to-have WordPress plugins and good-looking WordPress themes – e.g. the post of What do I think about New Blogger VS WordPress 2.x!

Oh, by the way, how do I able to browse your WordPress directories? How do I know what are the WordPress plugins that you’re using (but not necessary activated) or the name of your WordPress theme templates?

Well, try to open these URL in Firefox, Internet Explorer, Opera, Safari or any web browsers of your choice (replace walkernews.net with your own WordPress weblog URL – I’ve disable them from listing, as said earlier):

To browse the name of WordPress themes installed:

To browse the name of WordPress plugins installed:

But, you’ll only see an blank browser screen if you browse this URL


Why showing a blank page? Well, if a directory happens to keep a file called index.html, index.php, etc, the Apache web server will attempt to render such file (which is considered as the home page of a web)!

In my wp-content directory, there is an index.php with empty line. Hence you’ll only see an empty page!

How to disable WordPress directories from listing in web browser?

I hope you won’t simply save an empty index.php file to each of the WordPress directories. If you do so, make sure you can browse every posts of your WordPress powered weblog!

In fact, it’s just a really simple trick – get the powerful Apache .htaccess configuration file to do the good job!

All you have to do is adding this single line into the .htaccess file. Immediately, the Apache web server will disable all web directories contents listing in a web browser:

IndexIgnore *

To disable only selected files from displaying in web browser, e.g. the README and .htaccess file, write the IndexIgnore directive as

IndexIgnore README .htaccess

This is the wonderful of Apache web server! If you’re a junior webmaster, please also confirm the image hotlinking prevention feature has been turned on to stop the bandwidth theft!

Custom Search

  1. How To Setup Multiple Virtual Hosts In Apache – Walker News 08-10-07@03:25

    […] domains in one super Linux machine. Statistically, majority of these Linux boxes are running Apache (the most popular web […]

  2. Google Chrome: Browser Cache Folder Is Defensive! – Walker News 19-09-08@01:25

    […] Chrome is an open source web browser. And, I’m currently using Google Chrome version (official build 2200) for this […]

2018  •  Privacy Policy