
How to Disable Directory Browsing in WordPress


By default, when your web server does not find an index file (i.e. a file like index.php or index.html) in a directory, it automatically displays an index page showing the contents of that directory. This could make your site vulnerable to attacks by revealing information that helps someone exploit a vulnerability in a WordPress plugin, theme, or your server in general. In this article, we will show you how to disable directory browsing in WordPress.

An example of directory index browsing in WordPress

Why You Need to Disable Directory Browsing in WordPress

Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can take advantage of these files to gain access. For the comprehensive security of our sites, we use Sucuri for WordPress security. They have a simple dashboard which allows us to do this and perform many other WordPress security strengthening steps within a few clicks.

Directory browsing can also be used by other people to look into your files, copy images, find out your directory structure, and other information. This is why it is highly recommended that you turn off directory indexing and browsing.


To disable directory browsing in WordPress, all you need to do is add a single line of code to your WordPress site’s .htaccess file, located in the root directory of your website. To edit the .htaccess file, you need to connect to your website using an FTP client.

Once connected to your website, you will find a .htaccess file in your site’s root directory. .htaccess is a hidden file, so if you cannot find it on your server, make sure that you have enabled your FTP client to show hidden files.

You can edit your .htaccess file by downloading it to your desktop and opening it in a text editor like Notepad. Now, after the WordPress-generated code in the .htaccess file, add this line at the bottom:

Options -Indexes

Now save your .htaccess file and upload it back to your server using your FTP client. That’s all you need to do. Directory browsing is now disabled on your WordPress site, and people trying to locate a directory index on your website will be redirected to the WordPress 404 page.
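
To confirm the change took effect on your own site, the following added example (not part of the original article) classifies the response to a directory URL as an exposed listing, a blocked request, or a blank index page. The directory paths, the example.test host, the function names and the sample responses are constructed for illustration.

```python
import re
import urllib.error
import urllib.request

# Auto-generated index pages carry an "Index of /path" title and heading.
LISTING_RE = re.compile(r"<title>\s*Index of /|<h1>\s*Index of /", re.IGNORECASE)

def classify(status, body):
    """Classify the response to a request for a directory URL."""
    if status == 200 and LISTING_RE.search(body):
        return "listing-exposed"      # directory browsing is still enabled
    if status in (403, 404):
        return "blocked"              # either status means no listing is served
    if status == 200 and not body.strip():
        return "blank-index"          # e.g. an empty index.php in the directory
    return "other"

def fetch(url, timeout=10):
    """Return (status, body); HTTP error statuses are returned, not raised."""
    req = urllib.request.Request(url, headers={"User-Agent": "dirlist-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(65536).decode("utf-8", "replace")

def audit(base_url, paths, fetcher=fetch):
    """Map each directory path to its classification."""
    return {p: classify(*fetcher(base_url.rstrip("/") + p)) for p in paths}

# Constructed sample responses (not captured from a real site).
BASE = "https://example.test"
SAMPLES = {
    "/wp-content/uploads/": (200, "<html><head><title>Index of /wp-content/uploads"
                                  "</title></head><body><h1>Index of "
                                  "/wp-content/uploads</h1></body></html>"),
    "/wp-content/plugins/": (200, ""),
    "/wp-includes/": (403, "<h1>Forbidden</h1>"),
}

def audit_samples():
    """Run the audit offline against the constructed samples above."""
    return audit(BASE, list(SAMPLES), fetcher=lambda url: SAMPLES[url[len(BASE):]])

if __name__ == "__main__":
    for path, verdict in audit_samples().items():
        print(f"{verdict:16} {path}")
```

Call audit() with your own site's address and no fetcher argument to run the same check over the network; any "listing-exposed" result means the directive has not taken effect for that directory.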

We hope this article helped you learn how to disable directory browsing in WordPress to make your website more secure. For questions and feedback you can leave a comment below or join us on Twitter.

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Page maintained by Syed Balkhi.



  1. Lily says:

    Thank you. Worked like a charm!

  2. Prakash says:

    This Above Trick Is Not Working Man….

  3. Mike says:

    Is there a way to allow viewing a directory but just hide the Parent Directory link for a specific page? This would be a network share folder that multiple people would access, and have sub folders which would still require a parent directory listing. I just don’t want anyone going above the shared folder.

  4. Christian Nastari says:

    This didn’t work for me. I tried before and after #END WordPress and didn’t work. I also tried “Options All -Indexes”, but didn’t work either

  5. hrwhisper says:

    very helpful, thank you very much

  6. nitai says:

    Really great. Today I just faced this and was thinking how I can disallow it like Joomla, and I found the exact solution.

  7. Rob Myrick says:

    This was very helpful and quick – thank you

  8. Anita in SD says:

    Thanks so much, was dismayed to see images from my site going to a parent directory :0. This was very helpful and worked well.
    Blessings – A

  9. Heather Jacobsen says:

    Thanks for this tutorial. It worked great for hiding my uploads from anyone just wanting to browse that directory. One question, though. Does this by chance turn off the ability of search engines to browse my website. Sorry if it seems like a dumb question. I am a newbie, after all. :)

  10. Wasil Burki says:

    I added the Options -Indexes code to the htaccess file, however now I am not able to access the site I get a 503 error. Am I doing something wrong? Need help bad!! Thanks

  11. Ted says:

    The problem I have is that I can see the directory of this wordpress site, so if you are using this solution then it doesn’t work… (theme wpbv4)

  12. Rahul says:

    Thank you so much for the tutorial!

    I was very concerned when I discovered some of my theme directories could be browsed. All good now, thanks to your tutorial. I never knew .htaccess packed in so much punch.

  13. KeelAha says:

    Hello Syed Balkhi

    I just noticed that one of your sites has directory browsing enabled on the following folder.

    Not sure if that is important to you.
    Have a great weekend and keep doing your good work.


  14. Logan says:

    Why do I get a blank page, and not an error when I try to access the ../wordpress/wp-content/ or ../wordpress/wp-content/plugins/ ?

    • WPBeginner Support says:

      It may depend on your theme or your hosting environment. Try enabling directory browsing and then access these directories. If you still get a blank page then this means that those directories have a blank index.php file in them.

  15. Charlie Sasser says:

    I tested this before I made any changes with a location that didn’t have an index.php or .htm file and yes you can see all of the files. I added the suggested line at the end of the .htaccess. The location now creates a 403 error from the host and not a 404 error from WordPress. I’m running WP 3.8. Is this the expected behavior?

  16. Abhisek says:

    Better WordPress Security plugin takes care of that.

    • Govinda says:

      How do I do it in Better WP Security?
      I have installed the plugin, but am not able to find this feature.

  17. Costin says:


    Could you please tell me if “Options All -Indexes” is the same or better?

    Thank you!

  18. David Trees says:

    Thanks for this important information.

    Do you mean;


    Options -Indexes
    # END WordPress


    # END WordPress
    Options -Indexes

    Thanks for your reply.

