One of the highly critical topics on the internet world that has come into the limelight nowadays is directory listing feature of the sites, especially those built using WordPress. The website owners, developers and experts fall apart into two categories while answering whether to enable or disable directory listing. Every knowledgeable person comes with a view, but their sole reasons are hardly effective to find a suitable solution.
However, with more hackers have got some many ideas to hack randomly chosen websites, many experts may recommend you to go surely with the disabling option if you are concerned about your website security. If you’re wondering how to disable directory listing, this post can help you a lot.
Why Should You Disable Directory Listing?
Before proceeding further, it’s worth discussing that directory listing is enabled and practiced by some websites because of its benefits such as link popularity and increased conversion rate. However, it is avoided by many developers who believe that security of a website comes first. Hence, if you consider your website’s security as a priority, you must be willing to know how to disable directory listing in the quickest possible time.
We now see why you need to disable directory listing. Attackers can view all the files on your website by accessing the directory listing. They can get all the information about your website including some imperative information like wp-config.php file, the notes with passwords and other configuration files. Knowing this information may allow them to analyze your website and attack it easily. Therefore, you should disable the directory listing to secure your website up to an extent.
How to Disable Directory Listing on Apache Server?
Understanding the needs for disabling directory listing, you might be looking for the process to disable listing in your site. Before knowing the actual steps, there are several things that you should check and ascertain on your site.
First of all, your website must be hosted on an Apache server. This is not a critical issue because the majority of websites uses the Apache Web server. Your site must probably be on Apache server if the web server doesn’t use Windows. However, you must consult your web host to clarify it before executing the disabling procedure.
Secondly, your site should have .htaccess enabled feature. You use this file to make configurations on your server through your site. This feature is offered in commercial web host and not on the free plans. So, get a commercial web host plan if you can’t access it presently.
After satisfying the conditions mentioned here, you can proceed to the implementation of steps. Therefore, to disable directory listing on your website, you need to execute the following steps.
Download Your .htaccess File
You can download your .htaccess file in more than one way. No matter whichever method you use, the ultimate motive is to get your existing .htaccess file on your desktop. The most preferable technique of doing this is by using FTP software. Under this method, you need to operate a FTP software and navigate to the top section of your site’s web directory where the homepage is located. Here, you can find the .htaccess file which can be then easily downloaded.
Create a Backup of .htaccess File
Once you download the existing .htaccess file on your desktop, you should make a backup of the file. This helps you in case of any errors as you may need to modify the .htaccess file. If you don’t create a backup and make an error, you may lose relevant information about your existing site. Hence, create a duplicate file of .htaccess before opening the file for executing further steps.
Modify Your .htaccess File
Once you have created a backup of your .htaccess file, it’s time to open the file. You can use any advanced text editor to modify the file. It should be noted that you should strictly use a text editor, like Notepad, and not word processors like Word, MS-Office or WordPad. Now, you should add the following line of text on your file.
You must remember to hit the ENTER button after using the above-mentioned line so that the file ends successfully.
Save Your .htaccess File
Upon modifications, you should save the modified .htaccess file on your desktop. This file should be saved in its original name i.e. “.htaccess” and not involve any other letters or characters. Now, your file is ready to be uploaded to your site. Thus, you should use a FTP software, which you used earlier to download the .htaccess file, to upload the modified version of the same file.
Once done, you can test your site and make sure it’s working properly. If your site works properly, you have completed the process successfully. Now you can disable directory listing on your WordPress site.