MeiYah | Miah Laborte

How to Disable Directory Browsing on Your WordPress Blog

November 10, 2008

I have learned something new tonight (wweee!!) from a blog post of Marghil Macuha entitled “How to Disable Directory Browsing on Your WordPress Blog Easily“. I really have no idea about this matter until I have read Marghil’s post. So to all those who has a WordPress self-hosted blog and you want to protect it from the ‘hackers‘ then check out these links on your browser: (these are the sample links I got from Marghil’s post)

http://www.yourblog.com/wp-content/plugins/
http://www.yourblog.com/wp-content/plugins/akismet/
http://www.yourblog.com/wp-content/plugins/all-in-one-seo-pack/
http://www.yourblog.com/wp-content/themes/

replacing www.yourblog.com with your own domain name. You could also check other folders that you know exist on your wp-content folder.

If you see a list of files, it means that directory browsing is enabled on your blog host. This is a potential security problem because some people can check your plugins directory and exploit it if they see some of your outdated plugins.

One of the solutions to prevent this is to put a blank index.html file on your directories.

However, if you only put the index.html file on plugins directory, you only disabled directory browsing on plugins directory, and not on its sub-directories and other directories. So, you have to put index.html on all of the sub-directories to prevent them from accessing those sub-directories. But that’s a lot of work to do, isn’t it?

Here’s an easy option. You can do it easily by adding this line of code on your .htaccess file:

Options All -Indexes

Adding the lines above on your .htaccess file will disable directory browsing in all of your directories and sub-directories. They will see a 404 page instead.

Actually I am ashamed to tell you this but I really don’t know where I can find the .htaccess file! (LOL) Yeah, No kidding! hahaha… Not that techy kasi… So what did I do? I did made a blank index.html file, open my FTP account and tried to drag it on my plugins and themes section (mano mano kumbaga hahaha). Then I tried to check the links and *BOOM!* it became Coco Crunch! (LOL) Just kidding, I think, I made it? Hahaha… Hmm.. Maybe you would be wondering and wiould be asking ‘who will try to exploit your not so popular new blog?’ :p Well, we don’t know? What if I have made enemies here in the blogosphere (which I think will not happen? I’m mabait naman eh, LOL). Or there are just some people who happens to despise me a lot (I hope there are none). Or just someone who has nothing to do with their life and make this blog of mine as their subject for their hacking abilities. Well, it’s up to you guys if you want your Blogs or sites to be secured as for me I already have done it, so you should too if you care about your site/blogs, Disable Directory Browsing on Your WordPress Blog now! That’s all, Thank You Marghil for your post.

Your Ad Here