By default on Apache (Linux Hosting Plans), the ability to browse your site’s directory index and file hierarchy via your browser is enabled. This could cause some security issues, as it allows some of your sub-directories to be explored in a web browser via anyone who types in the correct path in their address bar. An example of what directory indexing looks like can be seen below:
As you can see, I can now browse and access all of the files and directories within the wp-includes directory of this WordPress site.
There are a couple of ways to disable this and make sure site visitors aren’t able to view an index of your directories. It only occurs due to there being no default index page set, such as index.php or index.html within the directory being browsed.
Please note: Directory browsing is disabled by default on our IIS servers (Windows hosting plans), so you won’t have to worry about this occurring.
Using Your .htaccess File
Using your .htaccess file to disable directory indexing is one of the simplest ways to prevent the above occurring. It requires a single line of code that you can put at the top of your .htaccess file within the directory you’re wishing to disable indexing in. Input the following code, ensuring there is white space on the line below it:
#Disable Directory Indexing Options -Indexes #Re-enable Directory Indexing Options +Indexes
If this has proven successful, you will now receive an Error 403 page, showing that permission to browse the index of the directory has been denied, as shown below.
Using the Control Panel
Within the control panel, you should be able to see three options for how you wish to manage directory indexing.
1. Click Domain Settings.
2. Click on the domain you’re using for the site you’re wishing to disable directory indexing on and then click the Edit Web Service icon.
3. Select the Disable option from the Indexes section shown below.
Enabled: This enables the ability to browse the index of directories. You’d want to enable directory indexing if you would like a quick way to view a list of files to download, such as if you have a directory full of PDF’s, MP3’s etc, that you’re wanting to view/download conveniently.
Disabled: This disables the ability to browse the index of directories. It provides obscurity when trying to access important directories/files on your website, so makes it a little more difficult for an attacker to perform reconnaissance on your site.
Fancy: This enables the ability to browse the index of directories. The difference between fancy indexing and standard indexing is that fancy indexing allows the HTML to detect MIME types and other key properties of files to be displayed. A good example would be if it detected a .pdf file, it would display the associated .pdf icon to allow for quick identification.
4. Click the big red Apply button to confirm the changes on the server’s end. They make take up to 5 minutes to take effect.
5. Attempt to visit the directory in your browser. You should receive a 403 error.
Last modified: 06/05/2019