How to disable directory listing without using .htaccess

Hi @theOff I am assuming that you are using either Apache or Litespeed Web Server. The only way I could think of would be maybe adding the mod rewrite directives directly in the apache or litespeed Virtual Host Configuration file. Whatever you would write in .htaccess could easily be added to the VirtualHost.conf file in apache or litespeed. I am not sure whether you have access to modify the website configuration file. If you could help me with a little more detail maybe I can take a look and see if I can be of any help.

Add an empty (zero-byte) index.html file to the wp-content/uploads directory…does that work for you?

Thanks Dion for a valuable solution!

Is it permanent solution?

Thanks Sab for replying my post!

I do not have access to server configuration files.

It’s permanent as long as index.html is a valid “DirectoryIndex” file. If you have media uploads arranged by year/month, you might want to add index.html files to each of the monthly directories.

Of course, the best solution is to turn off indexes in a .htaccess file.

It is very cumbersome process.

What is a valid “Directoryindex” file?

Hi @theoff it is really not that hard. All you want to do is have this in your .htaccess file

<Directory "/home/your/website/location">
Options -Indexes
</Directory> 

On the Directory line specify the address to your wordpress directory. This will give a forbidden error to all folders under you root wordpress directory including wp-content/uploads/. You really want this because you don’t want the hassle of creating so many index.html files in every folder that you do not want to display. This protects every folder. I am assuming that you are using Apache Web Server. If the server in question is Litespeed then the code would be as follows

Options -Indexes

As far explaining this goes let me try. The Options -Indexes will return a 403 forbidden error if a URL which maps to a directory is requested and there is no DirectoryIndex (for example index.html) in that directory.

If you wanted to know more this is where you should look.
https://httpd.apache.org/docs/2.4/mod/core.html#options

A valid “DirectoryIndex” file is whatever has been defined in your Apache configuration. Most of the time it will include filenames such as index.htm, index.html, and index.php. You don’t want to use index.php because that requires loading the PHP process, which wastes server resources. So try index.html and see if it works; if it does, then use it.

Yes, the process is cumbersome. That’s because Apache can deal with this situation in .htaccess files by adding Options -Indexes. (Note about above instructions: <Directory> is not supported in .htaccess files, and using it will result in HTTP500 server erros.)

Hi @diondesigns @theoff Thanks for pointing that out. I was absolutely wrong with the Apache Directory directive. The correct Apache code would be

Options -Indexes

as already pointed out by @diondesigns.

Adding this to your .htaccess file should give a 403 Forbidden Error across all the directories. My assumption was my mistake. You can only add Directory directives only in the Apache server configuration files.

Thanks Sab!

But I do not have access to .htaccess file as I mentioned in my query.

Thanks Dion for elaborating on the valuable solution!

• This reply was modified 3 years, 4 months ago by Anonymous User 5738192.