[Lesson 8] Disable Directory Listing On WordPress Site

Published on: March 31, 2020

Directory browsing is when you can browse a website’s files and folders and it displays you that. This happens because the web server that hosts your site can not only display web pages. But also the content of your web directories and other files. The reason this happens is that there is no index file(index.html, index.php, etc) in the directory.

When a browser sends a request to access a web page, it is the webserver that processes that request. A web server can be configured or instructed to prioritize which web pages to display whenever it receives such requests.

Typically, the index file (“index.html” or “index.php”) is the first file the webserver serves up when a browser sends a request. However, in the absence of an index file, the webserver displays the entire contents of the directory that was requested by the browser. This means all the files and folders inside the directory are on display!

Directory browsing would also enable an attacker to view the critical and confidential contents of restricted files in the directory. And even the hierarchy of these files, that would give him crucial insights into the configuration of the website. All these would aid him in finding the vulnerabilities in your site – WordPress plugins, themes, core, etc – if the directory that contains these files has enabled directory browsing by default.

Was this post helpful?

Psst! Hi there. We’re Astra.

We make security simple and hassle-free for thousands
of websites and businesses worldwide.

Our suite of security products include firewall, malware scanner and security audits to protect your site from the
evil forces on the internet, even when you sleep.

earth spiders cards bugs spiders

Made with ❤️ in USA France India Germany