{"id":15820,"date":"2026-02-06T07:35:04","date_gmt":"2026-02-06T07:35:04","guid":{"rendered":"https:\/\/www.copebusiness.com\/?p=15820"},"modified":"2026-02-06T14:04:18","modified_gmt":"2026-02-06T14:04:18","slug":"disable-directory-browsing-wordpress","status":"publish","type":"post","link":"https:\/\/www.copebusiness.com\/fr\/technical-seo\/desactivez-repertoire-rowsing-wordpress\/","title":{"rendered":"How to Disable Directory Browsing in WordPress (Easy Guide)"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">Directory browsing in WordPress allows anyone to view and access the contents of your site&#8217;s folders (e.g., \/wp-content\/uploads\/) by simply entering the URL in a browser. While convenient for developers, it\u2019s a major security risk \u2014 hackers can discover sensitive files, themes, plugins, or images and exploit them. With automated scanning tools more sophisticated than ever, disabling directory browsing is a fundamental security step to prevent unauthorized access, data leaks, and potential attacks.<br><br>At Cope Business, we always disable directory browsing during our <a href=\"https:\/\/www.copebusiness.com\/technical-seo-services\/technical-seo-audit-service\/\" target=\"_blank\" rel=\"noreferrer noopener\">technical SEO audit services<\/a> and site hardening processes \u2014 it\u2019s quick, effective, and helps maintain a secure, performant site.<br><br>This easy guide explains why you should disable it, and three simple methods to do so in WordPress \u2014 using .htaccess (most common), plugins (visual), and hosting settings.<\/p>\n\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Why_Disable_Directory_Browsing_in_WordPress\"><\/span>Why Disable Directory Browsing in WordPress?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Prevent Security Risks<\/strong> \u2014 Exposes file names, plugins\/themes versions, which hackers can use for targeted attacks<\/li>\n\n\n\n<li><strong>Protect Sensitive Data<\/strong> \u2014 Hides backups, config files, images, or uploads from public view<\/li>\n\n\n\n<li><strong>Improve Privacy<\/strong> \u2014 Stops competitors or bots from scraping your directory structure<\/li>\n\n\n\n<li><strong>SEO &amp; Performance<\/strong> \u2014 No direct impact, but secure sites rank better
long-term<\/li>\n\n\n\n<li><strong>Compliance<\/strong> \u2014 Helps with GDPR\/CCPA by reducing accidental data exposure<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">If browsing is enabled, anyone can type yoursite.com\/wp-content\/ and see a list of files \u2014 disable it to show a 403 Forbidden error instead.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Check_If_Directory_Browsing_Is_Enabled\"><\/span>Check If Directory Browsing Is Enabled<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ol class=\"wp-block-list\">\n<li>In your browser, go to yoursite.com\/wp-content\/ or \/wp-content\/uploads\/<\/li>\n\n\n\n<li>If you see a file list (Index of \/) instead of a 403\/404 error, it\u2019s enabled \u2014 time to disable!<\/li>\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Method_1_Disable_Using_htaccess_Easiest_Most_Reliable\"><\/span>Method 1: Disable Using .htaccess (Easiest &amp; Most Reliable)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">This works on Apache servers (most shared hosting like SiteGround, Bluehost, Hostinger).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Steps<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Access your site via FTP (FileZilla) or hosting file manager (cPanel > File Manager).<\/li>\n\n\n\n<li>Locate .htaccess in the root folder (where wp-config.php is) \u2014 back it up first!<\/li>\n\n\n\n<li>Open and add this line at the top or bottom: <code>Options -Indexes<\/code><\/li>\n\n\n\n<li>Save and upload.<\/li>\n\n\n\n<li>Test: Go to yoursite.com\/wp-content\/ \u2014 it should show 403 Forbidden or a blank page.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>For NGINX Servers<\/strong> (VPS like DigitalOcean, Cloudways):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Contact your host or add to the server config: <code>autoindex off;<\/code><\/li>\n<\/ul>\n\n\n\n<p
class=\"wp-block-paragraph\"><strong>Pros<\/strong>: No plugins, server-level protection, very lightweight.<br><strong>Cons<\/strong>: Requires FTP access; not all hosts allow .htaccess edits.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Method_2_Disable_Using_a_Plugin_Visual_Beginner-Friendly\"><\/span>Method 2: Disable Using a Plugin (Visual &amp; Beginner-Friendly)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Plugins automate the process with one-click toggles.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Recommended Plugin: All in One WP Security &amp; Firewall (Free)<\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Install <strong>All in One WP Security &amp; Firewall<\/strong> from <strong>Plugins > Add New<\/strong>.<\/li>\n\n\n\n<li>Activate \u2192 Go to <strong>WP Security > Firewall > Basic Firewall Rules<\/strong>.<\/li>\n\n\n\n<li>Enable <strong>Disable Directory Listing<\/strong> (or \u201cPrevent Directory Browsing\u201d).<\/li>\n\n\n\n<li>Save Changes \u2014 plugin adds the necessary .htaccess rules automatically.<\/li>\n<\/ol>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Alternative Plugin<\/strong>: <strong>Prevent Direct Access<\/strong> (free\/pro) \u2014 Also protects specific files\/folders.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Pros<\/strong>: Instant, reversible, includes other security features.<br><strong>Cons<\/strong>: Adds one plugin (but it\u2019s a great all-in-one security tool anyway).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Method_3_Disable_via_Hosting_Control_Panel_If_Supported\"><\/span>Method 3: Disable via Hosting Control Panel (If Supported)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Many hosts have built-in options.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>SiteGround<\/strong>: Site Tools > Site > Security > Directory Indexing \u2192 
Disable.<\/li>\n\n\n\n<li><strong>Bluehost<\/strong>: cPanel > Security > ModSecurity \u2192 Enable (often blocks browsing).<\/li>\n\n\n\n<li><strong>Hostinger<\/strong>: hPanel > Advanced > PHP Configuration \u2192 Add Options -Indexes to .htaccess.<\/li>\n\n\n\n<li><strong>Cloudflare<\/strong>: Rules > Firewall Rules \u2192 Block directory listings.<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Contact your host if unsure \u2014 they often do it for you.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Pros<\/strong>: No WordPress changes, server-level.<br><strong>Cons<\/strong>: Not all hosts offer it.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Best_Practices_After_Disabling_Directory_Browsing\"><\/span>Best Practices After Disabling Directory Browsing<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Test Thoroughly<\/strong> \u2014 Check key folders like \/wp-content\/uploads\/ show errors<\/li>\n\n\n\n<li><strong>Monitor Logs<\/strong> \u2014 Use security plugins to alert on 403 access attempts<\/li>\n\n\n\n<li><strong>Additional Security<\/strong> \u2014 Change database prefix (see our <a href=\"https:\/\/www.copebusiness.com\/wordpress\/change-wordpress-database-prefix-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">guide<\/a>), limit logins, enable 2FA<\/li>\n\n\n\n<li><strong>Performance<\/strong> \u2014 No impact \u2014 pair with caching for faster site<\/li>\n\n\n\n<li><strong>SEO<\/strong> \u2014 No direct effect, but secure sites rank better long-term<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">Disabling browsing cuts a common attack vector \u2014 do it on every site.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Final_Thoughts\"><\/span>Final Thoughts<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Disabling directory browsing in WordPress is a quick, essential 
security upgrade that protects your files from prying eyes. Use the .htaccess method for most sites \u2014 it\u2019s simple and effective.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Security is layered \u2014 this is one easy layer.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Experiencing security issues or need a full site hardening audit? <a href=\"https:\/\/www.copebusiness.com\/contact\/\" target=\"_blank\" rel=\"noreferrer noopener\">Contact Cope Business<\/a> for a free technical SEO consultation \u2014 we\u2019ll disable browsing, secure your site, and optimize it for performance and peace of mind.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Directory browsing in WordPress allows anyone to view and access the contents of your site&rsquo;s folders (e.g., \/wp-content\/uploads\/) by simply [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":15822,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[],"class_list":["post-15820","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technical-seo"],"jetpack_publicize_connections":[],"_links":{"self":[{"href":"https:\/\/www.copebusiness.com\/fr\/wp-json\/wp\/v2\/posts\/15820","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.copebusiness.com\/fr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.copebusiness.com\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.copebusiness.com\/fr\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.copebusiness.com\/fr\/wp-json\/wp\/v2\/comments?post=15820"}],"version-history":[{"count":1,"href":"https:\/\/www.copebusiness.com\/fr\/wp-json\/wp\/v2\/posts\/15820\/revisions"}],"predecessor-version":[{"id":15823,"href":"https:\/\/www.copebusiness.com\/fr\/wp-json\/wp\/v2\/posts\/15820\/revisions\/15823"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.copebusiness.com\/fr\/wp-json\/wp\/v2\/media\/15822"}],"wp:attachment":[{"href":"https:\/\/www.copebusiness.com\/fr\/wp-json\/wp\/v2\/media?parent=15820"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.copebusiness.com\/fr\/wp-json\/wp\/v2\/categories?post=15820"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.copebusiness.com\/fr\/wp-json\/wp\/v2\/tags?post=15820"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}