Security – Prevent Directory Browsing

By default, most hosts allow directory listing. Because there are a standard set of directories in a WordPress installation, the hacker can go directly to the directory inside your site and see all of the files in that directory. This is definitely a security risk, because a hacker could see the last time that files were modified and access them.

This is a simple but important problem to fix. You have three options:

1. Place an empty file in each directory with the name INDEX.HTML or INDEX.PHP
2. If you are using an Apache webserver, modify your .htaccess file
3. Use a Security plugin (see the end of the series for suggestions)