Security – Prevent Directory Browsing

This entry is part 1 of 4 in the series WordPress Security

By default, most hosts allow directory listing. Because there are a standard set of directories in a WordPress installation, the hacker can go directly to the directory inside your site and see all of the files in that directory. This is definitely a security risk, because a hacker could see the last time that files were modified and access them.

This is a simple but important problem to fix. You have three options:

  1. Place an empty file in each directory with the name INDEX.HTML or INDEX.PHP
  2. If you are using an Apache webserver, modify your .htaccess file
  3. Use a Security plugin (see the end of the series for suggestions)


Series NavigationSecurity – Proper WordPress Installation >>
%d bloggers like this: