Disable Directory Browsing

How to Disable Directory Browsing in WordPress?

If you’re looking for ways to boost WordPress security, then one area that you should consider is by blocking people from being able to browse your directory files. Here’s how to disable directory browsing in WordPress using .htaccess?

Why Disabling Directory Browsing is Good for Security

Stop and consider this for a moment:

Let’s say that you have one of those cabinets made for keeping your personal and private files you wish to keep in a safest place. Now, even though you likely don’t have those under lock and keys, it’s pretty much a given that people should stay out of that cabinet unless they get the go-ahead from you.

Now imagine that you find someone going through those files without your permission. Wouldn’t you be annoyed and cautious of that person’s intentions?

Most of us would. And my guess would be that you would probably start locking that cabinet up from that point on.

Well, this somewhat illustrates the importance of your directory files on your WordPress websites.

Those files are important and you would think that people would have the civility to keep their nose out of things that don’t belong to them, but history paints another sad reality. Truth is that your site’s directory files are on display for anyone in the world to find if they know where to look, and they’re easy to find.

You can easily access WordPress site’s directory files by entering /wp-includes/ at the end of your base URL.

Read More : How to Make Video Autoplay on Shopify?

If you do this to your own site and you find a similar picture to the one mentioned below, then your directory files are accessible to anyone and everyone who wants to take a peek.

That’s a bit frightening when you consider that these files contain sensitive information. It can give access to the hackers finding a way to sneak in and tamper or virtually set your site ablaze. Thus, keeping a WordPress backup of your website is also necessary to prevent and reinstate the files if something went wrong.

Want to prevent that from happening? Then there is a simple fix to put your files under lock and key.

Disable Directory Browsing in Your WordPress Site

Now, you’re going to want to access the .htaccess file of your site. You can do these one of two ways:

  1. Using an FTP client like FileZilla
  2. Through your File Manager in your host’s cPanel

For this WordPress tutorial, I’m going to explain how to do this through your CPanel.

Next, go down to the Files section and click on File Manager. Once you click there, you’ll have a box pop up asking when files you wish to look at (the files in a certain URL).

File Manager

Select the Web Root directory option, select your domain and then make sure to check the box that says Show Hidden Files.

Show Hidden Files

You will see listing with all the files within that certain domain. Scroll through the files that appear and look for the .htaccess file.

Htaccess File

Before you open the file, download it and keep it somewhere safe. Next, click on the file and then go to the top of the screen that says View to that you can view the file. There you should find a few lines of code including the following:

Now take the following code:

Your code will be look like the following code snippet.

Save your changes and you have no locked down your directory from prying eyes. You can double check this by going to your site and adding /wp-includes/ to your URL again.

If you’ve done this correctly, you will get a 404 Error or Permission Error which means that your efforts have been successful!


Even though this isn’t a necessary step, it’s probably a step you should be taking anyway. Your files are important and should be kept private.

It will take a few minutes to do this, but it’s better to keep things safe.

Rahul Sharma

Rahul Sharma is a Founder of Logical IDEA and Bee Flirty. He is a Professional WP Developers, UX Designer, and Digital Marketing Expert. Previously, He Worked as a Digital Marketing Head for An eCommerce Startup. He Graduated with honors from Lovely Professional University with a Dual Degree in Information Technology.

Leave a Reply

Your email address will not be published. Required fields are marked *