[Lesson 8] Disable directory browsing and listing on your WordPress In 5 Minutes
Directory browsing is when a visitor can browse a website's files and folders because the server displays them. This is possible because the web server that hosts your site can display not only web pages but also the contents of your web directories and other files. It happens when there is no index file (index.html, index.php, etc.) in the directory.
When a browser sends a request to access a web page, it is the web server that processes that request. A web server can be configured or instructed to prioritize which web pages to display whenever it receives such requests.
Typically, the index file (“index.html” or “index.php”) is the first file the web server serves up when a browser sends a request. However, in the absence of an index file, the web server displays the entire contents of the directory that was requested by the browser. This means all the files and folders inside the directory are on display!
Directory browsing would also enable an attacker to view the critical and confidential contents of restricted files in the directory, and even the hierarchy of these files, which would give him crucial insights into the configuration of the website. All of this would aid him in finding the vulnerabilities in your site (WordPress plugins, themes, core, etc.) if the directory that contains these files has directory browsing enabled by default.
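To see which directories of your own install fall into the "no index file" case described above, the following added example (not part of the original lesson) walks a document root on disk and reports every directory without an index file, then shows the report emptying once listings are switched off. It assumes an Apache server that honours an `Options -Indexes` line in the document root's `.htaccess`; the function names and the sample tree are constructed for illustration. Only the top-level `.htaccess` is inspected, so server-wide configuration and per-directory overrides are not taken into account.

```python
import os
import re
import tempfile

# Index file names the lesson mentions; a real server reads this list from
# its own configuration (Apache: DirectoryIndex).
INDEX_NAMES = ("index.php", "index.html")
# Apache directive that turns auto-generated listings off (assumed server).
NO_INDEXES = re.compile(r"^\s*Options\s+.*-Indexes\b", re.I | re.M)

def listing_disabled(docroot):
    """True if the docroot .htaccess contains an 'Options -Indexes' line."""
    try:
        with open(os.path.join(docroot, ".htaccess"), encoding="utf-8") as fh:
            return bool(NO_INDEXES.search(fh.read()))
    except FileNotFoundError:
        return False

def unindexed_dirs(docroot):
    """URL paths of directories that contain no index file."""
    found = []
    for current, _dirs, files in os.walk(docroot):
        if not any(name in files for name in INDEX_NAMES):
            rel = os.path.relpath(current, docroot).replace(os.sep, "/")
            found.append("/" if rel == "." else "/" + rel + "/")
    return sorted(found)

def audit(docroot):
    """Directories a browser could list; empty once listings are disabled."""
    return [] if listing_disabled(docroot) else unindexed_dirs(docroot)

def build_sample_site(root):
    """Constructed sample tree shaped like a small WordPress install."""
    for d in ("wp-content/plugins", "wp-content/uploads/2024", "wp-includes"):
        os.makedirs(os.path.join(root, d))
    for f in ("index.php", "wp-content/index.php", "wp-content/plugins/index.php",
              "wp-content/uploads/2024/report.pdf", "wp-includes/version.php"):
        open(os.path.join(root, f), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print("listable before:", audit(site))
        with open(os.path.join(site, ".htaccess"), "w") as fh:
            fh.write("Options -Indexes\n")
        print("listable after: ", audit(site))
```

Point `audit()` at a local copy of your real document root to get the same report for your site.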