Preventing The Directory Browsing

Posted on May 13th, 2011

By default, most hosts allow directory listing. So, if you type in the browser’s address bar, you’ll see all of the files in that directory. This is definitely a security risk, because a hacker could see the last time that files were modified and access them.

Add the following to the Apache configuration or your .htaccess file:

Options -Indexes

Please note that it’s not enough to update the blog’s robots.txt file with Disallow: /wp*. This would prevent the wp-directory from being indexed, but will not prevent users from seeing it.