WPBeginner

Beginner's Guide for WordPress

  • Blog
    • Beginners Guide
    • News
    • Opinion
    • Showcase
    • Themes
    • Tutorials
    • WordPress Plugins
  • Start Here
    • How to Start a Blog
    • Create a Website
    • Start an Online Store
    • Best Website Builder
    • Email Marketing
    • WordPress Hosting
    • Business Name Ideas
  • Deals
    • Bluehost Coupon
    • SiteGround Coupon
    • WP Engine Coupon
    • HostGator Coupon
    • Domain.com Coupon
    • Constant Contact
    • View All Deals »
  • Glossary
  • Videos
  • Products
X
☰
Beginner's Guide for WordPress / Start your WordPress Blog in minutes
Choosing the Best
WordPress Hosting
How to Easily
Install WordPress
Recommended
WordPress Plugins
View all Guides

WPBeginner» Blog» Tutorials» How to Disable Directory Browsing in WordPress

How to Disable Directory Browsing in WordPress

Last updated on July 7th, 2014 by Editorial Staff
174 Shares
Share
Tweet
Share
Pin
Free WordPress Video Tutorials on YouTube by WPBeginner
How to Disable Directory Browsing in WordPress

By default when your web server does not find an index file (i.e. a file like index.php or index.html), it automatically displays an index page showing the contents of the directory. This could make your site vulnerable to hack attacks by revealing important information needed to exploit a vulnerability in a WordPress plugin, theme, or your server in general. In this article, we will show you how to disable directory browsing in WordPress.

An example of directory index browsing in WordPress

Why You Need to Disable Directory Browsing in WordPress

Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can take advantage of these files to gain access. For the comprehensive security of our sites, we use Sucuri for WordPress security. They have a simple dashboard which allows us to do this and perform many other WordPress security strengthening steps with in few clicks.

Directory browsing can also be used by other people to look into your files, copy images, find out your directory structure, and other information. This is why it is highly recommended that you turn off directory indexing and browsing.

Video Tutorial

Subscribe to WPBeginner

If you don’t like the video or need more instructions, then continue reading.

To disable directory browsing in WordPress all you need to do is add a single line of code in your WordPress site’s .htaccess file located in the root directory of your website. To edit the .htaccess file you need to connect to your website using an FTP client.

Once connected to your website, you will find a .htaccess file in your site’s root directory. .htaccess is a hidden file, and if you can not find it on your server, you need to make sure that you have enabled your FTP client to show hidden files.

You can edit your .htaccess file by downloading it to your desktop and opening it in a text editor like Notepad. Now at the end of your WordPress generated code in the .htaccess file simply add this line at the bottom:

Options -Indexes

Now save your .htaccess file and upload it back to your server using your FTP client. That’s all you need to do. Directory browsing is now disabled on your WordPress site and people trying to locate a directory index on your website will be redirected to WordPress 404 page.

We hope this article helped you learn how to disable directory browsing in WordPress to make your website more secure. For questions and feedback you can leave a comment below or join us on Twitter.

174 Shares
Share
Tweet
Share
Pin
Popular on WPBeginner Right Now!
  • Google Analytics in WordPress

    How to Install Google Analytics in WordPress for Beginners

  • How to Properly Move Your Blog from WordPress.com to WordPress.org

  • How to Start Your Own Podcast (Step by Step)

    How to Start Your Own Podcast (Step by Step)

  • Revealed: Why Building an Email List is so Important Today (6 Reasons)

    Revealed: Why Building an Email List is so Important Today (6 Reasons)

About the Editorial Staff

Editorial Staff at WPBeginner is a team of WordPress experts led by Syed Balkhi. Trusted by over 1.3 million readers worldwide.

The Ultimate WordPress Toolkit

73 Comments

Leave a Reply
  1. sami says:
    Feb 23, 2021 at 7:00 am

    Does this method affect google crawling .. is it SEO friendly?

    Reply
    • WPBeginner Support says:
      Feb 23, 2021 at 9:17 am

      It should not affect search engines crawling your site.

      Reply
  2. Meera Shaikh says:
    Oct 5, 2020 at 8:16 pm

    Thanks its Done

    Reply
    • WPBeginner Support says:
      Oct 6, 2020 at 10:17 am

      You’re welcome :)

      Reply
  3. Pradeep says:
    Sep 17, 2020 at 1:52 am

    Thanks my friend, I just try this and it’s work.
    You are the genius.

    Reply
    • WPBeginner Support says:
      Sep 17, 2020 at 11:36 am

      Glad our guide was helpful :)

      Reply
  4. mousam says:
    Aug 16, 2020 at 7:09 am

    Thank you. I applied and it worked.
    You guys are the best source for learning wordpress.

    Reply
    • WPBeginner Support says:
      Aug 17, 2020 at 3:44 pm

      You’re welcome, glad our guide was helpful :)

      Reply
  5. Kevine says:
    Aug 6, 2020 at 3:11 am

    Thank you very much for this. It solved my problem.

    Thanks again.

    Reply
    • WPBeginner Support says:
      Aug 6, 2020 at 10:50 am

      You’re welcome, glad our guide was helpful :)

      Reply
  6. malika says:
    Jul 14, 2020 at 1:41 pm

    Thank you for sharing information!

    Reply
    • WPBeginner Support says:
      Jul 15, 2020 at 10:35 am

      You’re welcome :)

      Reply
  7. Jonthan says:
    Jun 25, 2020 at 10:01 am

    So is it ok to have this code on .htaccess file even when an index.php file is present in the root folder.

    Kindly respond.

    Reply
    • WPBeginner Support says:
      Jun 26, 2020 at 8:43 am

      Yes :)

      Reply
  8. Teresa Cuervo says:
    Jun 24, 2020 at 4:53 pm

    Do you need Filezila to do this or can you go to the FTP via Cpanel and do this?
    Thank you

    Reply
    • WPBeginner Support says:
      Jun 25, 2020 at 8:52 am

      You can use either, not all hosts have a file manager is why we show Filezilla :)

      Reply
  9. michael says:
    May 21, 2020 at 2:39 am

    Hello
    does this action affect pages indexing on search engines?
    and does it make some problems for indexed pages of my WordPress website?
    Thanks

    Reply
    • WPBeginner Support says:
      May 21, 2020 at 8:51 am

      No, it would not affect that negatively.

      Reply
  10. Rhen Castrodes says:
    Apr 6, 2020 at 2:24 am

    Thank you. it works

    Reply
    • WPBeginner Support says:
      Apr 7, 2020 at 8:26 am

      Glad our recommendation was able to help you :)

      Reply
  11. John says:
    Mar 10, 2020 at 2:22 pm

    Thank you! It works even now in 2020.

    Reply
    • WPBeginner Support says:
      Mar 11, 2020 at 8:38 am

      You’re welcome :)

      Reply
  12. Shams says:
    May 15, 2019 at 5:26 am

    Amazing post,

    Just have simple question, I added this code and it’s working, the question is Google indexes those page e.g sitecom/wp-contents/2019/2, will Google remove those pages automatically now as these are 404. Or I should remove it in Search Console?

    Thanks

    Reply
    • WPBeginner Support says:
      May 15, 2019 at 11:31 am

      This code should not make your direct links to images and files turn into 404s

      Reply
  13. Bill says:
    Apr 7, 2019 at 4:02 am

    Hello!

    I recently applied this rule
    and at the same day the front page of my blog
    got vanished from google index.

    Do you see any connection?

    Reply
    • WPBeginner Support says:
      Apr 8, 2019 at 1:05 pm

      Adding this to your htaccess should not affect your indexing, there are multiple reasons and you would want to check your Google Search Console for what it says about your home page.

      Reply
  14. Ionel G says:
    Mar 12, 2019 at 11:09 am

    Thanks for all the tips that you provide!
    I am still wondering how can you hide the wp-content & wp-include folder from sources? I hate it when someone goes right click and source it can see all of my plugins :). Do you have any script for this?
    Thank you in advance!

    Reply
    • WPBeginner Support says:
      Mar 13, 2019 at 10:05 am

      We do not have a recommended method for that at the moment, the most common reason you can’t see those folders in dev tools is a site’s cache.

      Reply
  15. Mayur says:
    Jan 17, 2019 at 12:27 pm

    Could you please tell me How can i disable WordPress in sub folder like my WordPress install on [www.mydomain.com] and i want to disable wordpress in [www.mydomain.com/customscript]

    Reply
    • WPBeginner Support says:
      Jan 18, 2019 at 10:09 am

      You may want to first take a look at creating a custom page template: https://www.wpbeginner.com/wp-themes/how-to-create-a-custom-page-in-wordpress/
      Otherwise, you would need to create a folder with that name and inside that folder add an index.html file for a nonWordPress page to appear.

      Reply
  16. Rafael says:
    Nov 12, 2018 at 3:35 pm

    Thank you. Worked perfectly for all browsers.

    Reply
  17. Dipankar says:
    Aug 31, 2018 at 7:50 pm

    but wp-content is showing . how to remove it as well.

    Reply
  18. Deatram says:
    Jun 22, 2018 at 1:35 pm

    I disabled directory browsing, but still someone can see my directory when they use developer tools in chrome browser. How do I disable in that as well?

    Reply
  19. Faeze says:
    Apr 25, 2018 at 12:50 am

    I added the line that you said in .htaccess but it showes my directories yet .
    What should I do now??

    Reply
  20. Nathan says:
    Sep 5, 2017 at 3:07 pm

    When I click “Save Changes” on the Permalink Settings page the .htaccess file is updated, erasing the “Options -Indexes” code that I inputted. The code works fine, but I am concerned I will unknowingly delete it while performing some other task. Are there any other dashboard settings changes that I should know about that may affect the .htaccess file and erase the code? Thanks

    Reply
  21. Tôi Sống says:
    Jul 19, 2017 at 10:52 am

    Awesome, it work very good!

    Reply
  22. Baggio says:
    Jul 16, 2017 at 7:32 pm

    Huge fan of wpbeginner, Optin Monster – I got so many useful tips and tricks on WP – and I have to say, the site design is just brilliant. And of course, the content here is epicly useful.

    Thanks guys!

    Reply
  23. daniel says:
    Jun 29, 2017 at 7:51 am

    Hey! It doesnt seem to work. if i pull an image to another page its opened with a link of: example.com/wp-content/uploads/…
    Any idea? thanks!

    Reply
    • WPBeginner Support says:
      Jun 30, 2017 at 1:31 am

      Hey Daniel,

      Your images and files inside directories can still be directly accessed. However, server will not let someone directly browse a directory and see its contents.

      Reply
      • Axel Jebens says:
        Oct 28, 2017 at 4:51 pm

        I would appreciate if you could iterate on this. I had a hard time when trying to get a solution for this issue. There are some ideas based on a htaccess redirecting to a php file that first checks if the user is logged on. Is there any plugin which provides such a function?

        Reply
  24. Ünal Hoca says:
    May 5, 2017 at 7:25 pm

    Thank you

    Reply
  25. Khalid Mahmud says:
    Mar 15, 2017 at 7:56 am

    Thank you. It’s working…….

    Reply
  26. Kim says:
    Dec 25, 2016 at 3:31 pm

    Sorry to late ask. I want to know, are these techniques safe to use regarding SEO score ? Hope you answer !

    Reply
    • WPBeginner Support says:
      Dec 25, 2016 at 8:47 pm

      Yes, they are.

      Reply
  27. Kimmy says:
    Nov 11, 2016 at 11:09 pm

    Still works pretty well. Awesome, simple, and working. Thanks!

    Reply
  28. Charles says:
    Nov 9, 2016 at 7:10 pm

    I have been writing this same code for weeks now but my directory remains visible to users. Pls what am doing wrong? Or could it be that my site is still loading from cached contents? Everybody says it is working but my own experience is different. Any help will be appreciated! Thanks in anticipation of your reply.

    Reply
    • Kimmy says:
      Nov 11, 2016 at 11:10 pm

      What part are you having trouble on? What is your hosting provider btw?

      Reply
  29. Lily says:
    Jul 31, 2016 at 1:48 am

    Thank you. Worked like a charm!

    Reply
  30. Prakash says:
    Jun 2, 2016 at 10:40 am

    This Above Trick Is Not Working Man….

    Reply
  31. Mike says:
    May 5, 2016 at 5:45 pm

    Is there a way to allow viewing a directory but just hide the Parent Directory link for a specific page? This would be a network share folder that multiple people would access, and have sub folders which would still require a parent directory listing. I just don’t want anyone going above the shared folder.

    Reply
  32. Christian Nastari says:
    Mar 30, 2016 at 4:47 pm

    This didn’t work for me. I tried before and after #END WordPress and didn’t work. I also tried “Options All -Indexes”, but didn’t work either

    Reply
  33. hrwhisper says:
    Jan 6, 2016 at 6:33 pm

    very helpful, thank you very much

    Reply
  34. nitai says:
    Dec 12, 2015 at 1:17 am

    Really great. today I just faced and thinking how can I disallow like joomla and I found the exact solution.

    Reply
  35. Rob Myrick says:
    Oct 4, 2015 at 9:47 pm

    This was very helpful and quick – thank you

    Reply
  36. Anita in SD says:
    Jul 3, 2015 at 12:44 am

    Thanks so much, was dismayed to see images from my site going to a parent directory :0. This was very helpful and worked well.
    Blessings – A

    Reply
  37. Heather Jacobsen says:
    Nov 1, 2014 at 5:29 pm

    Thanks for this tutorial. It worked great for hiding my uploads from anyone just wanting to browse that directory. One question, though. Does this by chance turn off the ability of search engines to browse my website. Sorry if it seems like a dumb question. I am a newbie, after all. :)

    Reply
  38. Wasil Burki says:
    Oct 19, 2014 at 3:12 pm

    I added the Options -Indexes code to the htaccess file, however now I am not able to access the site I get a 503 error. Am I doing something wrong? Need help bad!! Thanks

    Reply
  39. Ted says:
    Oct 16, 2014 at 10:00 am

    The problem I have is that I can see the directory of this wordpress site, so if you are using this solution then it doesn’t work… (theme wpbv4)

    Reply
  40. Rahul says:
    Apr 6, 2014 at 6:27 am

    Thank you so much for the tutorial!

    I was very concerned when I discovered some of my theme directories could be browsed. All good now, thanks to your tutorial. I never knew .htaccess packed in so much punch.

    Reply
  41. KeelAha says:
    Feb 22, 2014 at 10:46 am

    Hello Syed Balkhi

    I just noticed that one of your site list25.com having directory browsing enabled on following folder.

    Not sure if that is important to you.

    http://list25.com/wp-includes/
    Have a great weekend and keep doing your good work.

    regards
    KeelAha

    Reply
    • WPBeginner Support says:
      Feb 25, 2014 at 5:48 pm

      Disabled it, thanks :)

      Reply
  42. Logan says:
    Jan 28, 2014 at 3:21 pm

    Why do I get a blank page, and not an error when I try to access the ../wordpress/wp-content/ or ../wordpress/wp-content/plugins/ ?

    Reply
    • WPBeginner Support says:
      Jan 28, 2014 at 6:11 pm

      It may depend on your theme or your hosting environment. Try enabling directory browsing and then access these directories. If you still get a blank page then this means that those directories have a blank index.php file in them.

      Reply
  43. Charlie Sasser says:
    Dec 23, 2013 at 8:44 pm

    I tested this before I made any changes with a location that didn’t have an index.php or .htm file and yes you can see all of the files. I added the suggested line at the end of the .htaccess. The location now creates a 403 error from the host and not a 404 error from WordPress. I’m running WP 3.8. Is this the expected behavior?

    Reply
    • Bern says:
      Aug 6, 2015 at 2:27 pm

      I have the same issue it shows 403 error not 404. Did you solve this problem?

      Reply
    • Christian says:
      Sep 7, 2018 at 9:58 am

      Same issue appear, what to do now? using latest version of wordpress.

      Reply
  44. Abhisek says:
    Dec 19, 2013 at 10:34 am

    Better WordPress Security plugin takes care of that.

    Reply
    • Govinda says:
      Jan 26, 2014 at 12:00 pm

      How do I do it in Better Wp security.
      I have installed the plugin, but not able to find this feature

      Reply
  45. Costin says:
    Dec 19, 2013 at 4:14 am

    Hi,

    Could you please tell me if “Options All -Indexes” is the same or better?

    Thank you!

    Reply
    • WPBeginner Support says:
      Dec 19, 2013 at 4:30 pm

      Its the same.

      Reply
  46. David Trees says:
    Dec 18, 2013 at 10:44 am

    Thanks for this important information.

    Do you mean;

    Here

    Options -Indexes
    # END WordPress

    OR

    # END WordPress
    Options -Indexes

    Thanks for your reply.

    Cheers
    David

    Reply
    • WPBeginner Support says:
      Dec 18, 2013 at 11:05 am

      Both should work the same but we meant the later one after the END WordPress

      Reply
      • Ivan R Linares says:
        Nov 23, 2016 at 10:36 pm

        Thank you, worked like a charm!

        Reply

Leave a Reply Cancel reply

Thanks for choosing to leave a comment. Please keep in mind that all comments are moderated according to our comment policy, and your email address will NOT be published. Please Do NOT use keywords in the name field. Let's have a personal and meaningful conversation.

Over 1,320,000+ Readers

Get fresh content from WPBeginner

Featured WordPress Plugin
Smash Balloon
Smash Balloon
Add Custom Social Media Feeds in WordPress. Learn More »
How to Start a Blog How to Start a Blog
I need help with ...
Starting a
Blog
WordPress
Performance
WordPress
Security
WordPress
SEO
WordPress
Errors
Building an
Online Store
Useful WordPress Guides
    • 7 Best WordPress Backup Plugins Compared (Pros and Cons)
    • How to Fix the Error Establishing a Database Connection in WordPress
    • Why You Need a CDN for your WordPress Blog? [Infographic]
    • 30 Legit Ways to Make Money Online Blogging with WordPress
    • Self Hosted WordPress.org vs. Free WordPress.com [Infograph]
    • Free Recording: WordPress Workshop for Beginners
    • 24 Must Have WordPress Plugins for Business Websites
    • How to Properly Move Your Blog from WordPress.com to WordPress.org
    • 5 Best Contact Form Plugins for WordPress Compared
    • Which is the Best WordPress Popup Plugin? (Comparison)
    • Best WooCommerce Hosting in 2020 (Comparison)
    • How to Fix the Internal Server Error in WordPress
    • How to Install WordPress - Complete WordPress Installation Tutorial
    • Why You Should Start Building an Email List Right Away
    • How to Properly Move WordPress to a New Domain Without Losing SEO
    • How to Choose the Best WordPress Hosting for Your Website
    • How to Choose the Best Blogging Platform (Comparison)
    • WordPress Tutorials - 200+ Step by Step WordPress Tutorials
    • 5 Best WordPress Ecommerce Plugins Compared
    • 5 Best WordPress Membership Plugins (Compared)
    • 7 Best Email Marketing Services for Small Business (2020)
    • How to Choose the Best Domain Registrar (Compared)
    • The Truth About Shared WordPress Web Hosting
    • When Do You Really Need Managed WordPress Hosting?
    • 5 Best Drag and Drop WordPress Page Builders Compared
    • How to Switch from Blogger to WordPress without Losing Google Rankings
    • How to Properly Switch From Wix to WordPress (Step by Step)
    • How to Properly Move from Weebly to WordPress (Step by Step)
    • Do You Really Need a VPS? Best WordPress VPS Hosting Compared
    • How to Properly Move from Squarespace to WordPress
    • How to Register a Domain Name (+ tip to get it for FREE)
    • HostGator Review - An Honest Look at Speed & Uptime (2020)
    • SiteGround Reviews from 4196 Users & Our Experts (2020)
    • Bluehost Review from Real Users + Performance Stats (2020)
    • How Much Does It Really Cost to Build a WordPress Website?
    • How to Create an Email Newsletter the RIGHT WAY (Step by Step)
    • Free Business Name Generator (A.I Powered)
    • How to Create a Free Business Email Address in 5 Minutes (Step by Step)
    • How to Install Google Analytics in WordPress for Beginners
    • How to Move WordPress to a New Host or Server With No Downtime
    • Why is WordPress Free? What are the Costs? What is the Catch?
    • How to Make a Website in 2020 – Step by Step Guide
Deals & Coupons (view all)
Cozmoslabs
Cozmoslabs Coupon
Get 15% OFF on Cozmoslabs WordPress premium plugins.
Nextiva
Nextiva Coupon
Get the lowest possible price on the best VoIP and business phone service.
Featured In
About WPBeginner®

WPBeginner is a free WordPress resource site for Beginners. WPBeginner was founded in July 2009 by Syed Balkhi. The main goal of this site is to provide quality tips, tricks, hacks, and other WordPress resources that allows WordPress beginners to improve their site(s).
Join our team: We are Hiring!

Site Links
  • About Us
  • Contact Us
  • FTC Disclosure
  • Privacy Policy
  • Terms of Service
  • Free Blog Setup
  • Free Business Tools
Our Sites
  • OptinMonster
  • MonsterInsights
  • WPForms
  • SeedProd
  • Nameboy
  • RafflePress
  • Smash Balloon

Copyright © 2009 - 2021 WPBeginner LLC. All Rights Reserved. WPBeginner® is a registered trademark.

Managed by Awesome Motive | WordPress hosting by SiteGround | WordPress CDN by MaxCDN | WordPress Security by Sucuri.