WP-includes directory question

  • Resolved David S

    (@affordablewebsitesdenvercom)


    3 years, 11 months ago

    I noticed an older client site running WordFence shows all their directory folders if I go to https://mysite.com/wp-includes.

    Obviously for security purposes I would want to remove the visibility of those folders.

    Is this tutorial accurate and would doing this help solve the problem?

    Here is the link: https://www.wpbeginner.com/wp-tutorials/disable-directory-browsing-wordpress/

    Of course this is a client site with WordFence installed. Since it is a client site, I want to make sure I don’t break the site or impede WordFence operating efficiently and remember something happening with the index file when I was first installing WordFence.

Viewing 1 replies (of 1 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @affordablewebsitesdenvercom,

    You are absolutely right. WordPress does not disable directory browsing by default and some people wish to do this using the method in the URL you’ve provided.

    Firstly, download your .htaccess file and make a copy so you can restore it immediately if anything goes wrong. This should be found in the root directory of your site when accessing via FTP or your host’s file manager.

    Open it in a text/code editor of your choice. Find the line that says # END WordPress and add the following lines directly below:

    # Disable Directory Browsing
Options All -Indexes

    Upload the new .htaccess file and overwrite the existing one.

    You should be able to visit folders like /wp-includes to verify that directory browsing is now disabled by seeing a “Page Not Found” or “Forbidden” error message.

    I hope that helps you out.

    Thanks,

    Peter.

Viewing 1 replies (of 1 total)
  • The topic ‘WP-includes directory question’ is closed to new replies.