Wesbytes Knowledge Base

Search our articles or browse by category below

How to Disable Directory Browsing

Last modified: June 28, 2022
You are here:
Estimated reading time: 1 min

What is Directory Browsing?

When someone accesses a website using a web browser rather than a webpage, they can view all the files and directories thanks to Directory Browsing or Directory Listing.

The web server that hosts your website also shows the content of your web directories and other files in addition to displaying web pages. This occurs as the web server did not get the directive to determine which web pages to display because there is no index file (index.html, index.php, etc.) in the directory.

Why Disable Directory Listing?

First of all, if a web server is set up to show all of your website’s contents, information disclosure issues will arise. An attacker or hacker could use this to help them attack your blog.

Consider the possibility that a hacker may use your website’s weaknesses, such as WordPress plugins, themes, and core, to access all of your sensitive and important files that are blocked. He would get crucial information about how websites are set up as a result.

How to Disable Directory Listing

  1. Before making any changes, we first advise you to make a backup of your website.
  2. Next, check to see if a list of files rather than a web page is presented when you navigate to the various directories on your website in your browser.
  3. You can end here if you don’t come across any directories that are showing file lists.
  4. Then go to your hosting plan’s File Manager. (Business Web Hosting / Email Hosting)
  5. Go to the folder where the directory browsing was displayed.
  6. Edit the .htaccess (Linux) or web.config (Windows) file.
    • Linux: at the top of the .htaccess file, insert the following line:
      Options -Indexes
    • Windows: in the web.config file, find and remove the following line: <directoryBrowse>
  7. Save the changes to your file.
Was this article helpful?
Dislike 0
Views: 16