Are you aware of how insecure your files are when you upload them to WordPress? Did you know anyone can go to a secret folder on your WordPress blog and download all your files and data?
Chances are you do as you’ve landed on this article and you want to put a stop to that.
I’m going to show you how to disable directory browsing in under 60 seconds using one line of code which is entered into a file called, .htaccess located in public_html on your cPanel hosting account.
Confused yet? Let’s take this one step at a time.
You need to open up your cPanel or hosting control panel and look for file manager.
On the left ensure you’re looking at the public_html folder, you’ll notice files such as wp-content and other WordPress php files. You need to click the ‘Settings’ cog in the top right and choose, ‘Show Hidden Files (fotfiles)’
Now you’ll see a file called, ‘htaccess’ – If you don’t then you’ll need to create one (see below).
Edit this file and insert the following code to the end of the file “Options -Indexes”
Now save your file and reload your website. Try navigating to a specific directory which was accessible before, for example wp-content/uploads.
If you need to create a new htaccess file you should create this file in Notepad on your computer called htaccess.txt. Upload the blank file to public_html and then rename this using cPanel to .htaccess. Now repeat the steps above.
Great, you’ve successfully disabled directory browsing on your WordPress blog. Visitors will need to know the entire file path to access files/downloads in future.