How to Prevent Directory Browsing in your WordPress Site

How do you stop search engines from indexing your directories? Well, there are two separate steps: one is done via the .htaccess file and the other via the robots.txt file. First, you've got to know why you want to do this. In WordPress, plugins and themes become outdated and have security vulnerabilities that hackers take advantage of. So if a hacker can identify which plugins and themes you have, they can get a good understanding of how to infiltrate your site. So if you go to Google and search for
inurl:"/wp-content/plugins/"
what you'll find is millions of results where people's websites have subdirectories indexed that really should not be indexed, and that's what hackers can use to infiltrate those sites. So directory browsing is when a hacker can actually see what is installed on a site.
For example, if you click on a link like the one below:

Index of /wp-content/plugins/revslider

It shows a specific plugin that is running on this site, called revslider. You can click on the Parent Directory link at the top and it actually shows you a listing of all the plugins on this website. So a hacker can easily cross-reference the listed vulnerabilities with the plugins there and can get into the site really easily.
So we want to prevent anyone from having access to these pages. To do this, you add a little script to the .htaccess file that makes these pages load blank, so there's no information there, and you also add a little script to the robots.txt file so that your website does not show up like this in the search results. By doing this you can stop Google from going into these directories and indexing them, and that's what you want to do.
So go to your hosting account and scroll down to find the file manager. Click on it to open the document root for whatever website you want to secure.

 

And then you'll see the .htaccess file there.

If you don't see that file, you can just click on New File on the left-hand side, type in .htaccess and click on Create New File.

If you have an existing .htaccess file, make a backup of it before you make these edits, so that if something goes wrong you can quickly reactivate the file you know works. You can also do this via FTP: log into the document root (the website root) via FTP and edit or create the .htaccess file there.
To edit the .htaccess file, click on it and paste in the directory browsing block.

The directory browsing block is an Apache directive. Apache is the world's most used web server software. So this code says ‘Options -Indexes’ (options minus indexes), and that blocks directory browsing.
So the folders that are not supposed to be public are rendered as blank when this code is in the .htaccess file. If you click on Save Changes, go to your demo site and type in site-name/wp-content/plugins, you should receive a blank page.

The last step you want to take is to make sure your indexed directories do not show up in Google. You don't want to be part of the ten million websites that are blatantly telling hackers “I wanna be hacked”.

So what you do is go back to your document root (the website root) and create a robots.txt file.
It's just a blank file, just a text file. You just have to add the disallow script to it.

The robots.txt file is opened by all search engines and basically tells them what they're allowed and not allowed to do on your site. If you don't have a robots.txt file, the search engine assumes it can index whatever it wants. So the disallow script disallows the indexing of all subfolders that start with ‘wp’ and have anything after ‘wp’.
So it doesn't index anything in these folders. One thing to note is that it is ultimately the search engine's choice whether to honor your request not to index those links, so you might still find them in the search results.
So now you know how to stop directory browsing and load blank pages instead of directory listings that show the files, plugins and themes you have running on your site. You also know how to (hopefully) block search engines from indexing those subfolders that they shouldn't be indexing, so that hackers don't have easy access to your site.
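
To check both steps on your own site, here is an added example (not code from the original article) that takes the body returned for a folder URL plus your robots.txt and reports whether a directory listing is still exposed and whether crawlers are still allowed in. The function names, the sample page bodies and the exact rule `Disallow: /wp-` are assumptions constructed to match the article's description.

```python
import re
from urllib.robotparser import RobotFileParser

# Constructed robots.txt in an assumed form matching the article's description.
# Written as a plain prefix ("/wp-") because Python's parser matches by prefix.
ROBOTS_TXT = """User-agent: *
Disallow: /wp-
"""

# Constructed response bodies: an Apache directory listing and a blank page.
LISTING_HTML = """<html><head><title>Index of /wp-content/plugins</title></head>
<body><h1>Index of /wp-content/plugins</h1>
<a href="/wp-content/">Parent Directory</a>
<a href="revslider/">revslider/</a></body></html>"""
BLANK_HTML = ""

TITLE_RE = re.compile(r"<title>\s*Index of\s+(/[^<]*)</title>", re.I)
# Relative links ending in "/" are subfolders; skips sort links and the parent link.
LINK_RE = re.compile(r'<a\s+href="([^"?/][^"]*/)"', re.I)

def exposed_directories(body):
    """Return (path, subfolders) if body is a directory listing, else None."""
    match = TITLE_RE.search(body)
    if not match:
        return None
    return match.group(1).strip(), [h.rstrip("/") for h in LINK_RE.findall(body)]

def crawl_allowed(robots_txt, path, agent="Googlebot"):
    """True if robots_txt lets the given crawler fetch path."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return parser.can_fetch(agent, path)

def audit(body, robots_txt, path):
    """Summarise both protections for one folder URL."""
    listing = exposed_directories(body)
    return {
        "listing_exposed": listing is not None,
        "leaked_entries": listing[1] if listing else [],
        "crawl_allowed": crawl_allowed(robots_txt, path),
    }

if __name__ == "__main__":
    print("before:", audit(LISTING_HTML, "", "/wp-content/plugins/"))
    print("after: ", audit(BLANK_HTML, ROBOTS_TXT, "/wp-content/plugins/"))
```

Run it against the page body and robots.txt saved from your own site; a site with both steps applied reports no exposed listing and no crawl permission for the wp- folders.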

Christine

Author at onlineshouter
Christine writes for people who seek for knowledge about SEO, blogging, online marketing, gadgets and web apps.