Making site directories non-browsable

  • Resolved Robert Eichhorn

    (@robert-eichhorn)


    4 years ago

    Adding code to a .htaccess file to make site directories non-browsable sounds like a good idea for security but how will I be able to access the .htaccess file if the directory it is in is non-browsable? My web host account has a File Manager to access the folders and files on my site. Will the File Manager be able to open my site directories if they are non-browsable?

Viewing 1 replies (of 1 total)

  • “Browsable” here means that if a visitor to your site just types the URL of a directory, then the web server will respond with a full list of the directory content.
    1. Almost all web hosting providers nowadays have this option turned off as default.
    2. Virtually all directories that WordPress uses contains a file “index.php” which takes precedence over a content listing. (And this file, typically, does nothing – it just returns a blank page…)

    However, there is one place where you still might want to be sure that external directory listings are turned off: for anything under wp-content/uploads/
    If your web server is Apache (most of them are), then you could add the following line in your .htaccess file:

    Options -Indexes

    And that’s it.

Viewing 1 replies (of 1 total)
  • The topic ‘Making site directories non-browsable’ is closed to new replies.