Bloggers Disable Directory Indexing

If you are running a wordpress blog then you may be vulnerable to hacks and attacks by having your plugins exposed without you even realizing it. Test this by hitting your blog URL/wp-content/plugins and see if you get a full index listing of your wordpress plugins.


If you can see all of your plug-ins, then you need to disable your directory indexing to avoid exposing this information to malicious intentions. To do this you need access to your web server and you would need to edit your .htaccess file

Once you edit the .htaccess file put this line anywhere in side the file

Options -Indexes

Then save your file

Now test your and you should instead see your blogs 404 page and not your directory list of plugins exposed.

This will also protect your site from exposing directory listing on any folder that doesn’t have a index.htm or index.html file. Unless you intentionally want to allow people to access directories to download files from your blog or server, you should have directory indexing turned off.

Now, if you do want some folders to have directory indexing and you want to just disable directory indexing for a single folder, this little trick will disable it for one folder.

create a 0 byte index.html file in the folder you want to specifically disable directory indexing

Example, to disable Directory Indexing for just the wp-content/plugins folder you would perform the following on your web site.

cd dragonblogger/
cd wp-content/plugins
touch index.html

Now if you hit your website/wp-content/plugins you will get a blank page instead of your directory listing.

-Dragon Blogger

Share Feedback We Want to Hear From You