How To Disable Directory Browsing Using .htaccess File

how to disable directory browsing using htaccess

There are many files stored on your web hosting server. Some of the directories are special and have a strong need to get protected. If you notice that your wp-incudes directory is showing or indexing in the Google then what would you do? You should disable directory browsing in WordPress so that all the directories like wp-includes, wp-content won’t be seen by anyone.

You all know that in the wp-content directory all of your plugins and the theme you are using on your WordPress website are present. If users can access this file then you are inviting the hackers. You are showing the vulnerability of your website.

Why Should You Disable Directory Browsing In WordPress

There are many bloggers who don’t even think about these things. You can build an enormous website but it can’t be done without the security of your WordPress website. You should know all the possibly vulnerable files and directories which should be protected by you.

If the directory with the name wp-includes is showing then you are allowing the users to check all the images and many sensitive data from your website to access. You know that hackers seek for such kind of vulnerabilities in your website.

So you should know how to disable directory browsing using .htaccess. In this post, I am going to provide you the best way to hide your directories.

Use The .htaccess File To Accomplish This Task

You can check whether the wp-includes directory can be seen by your users or not. It can be done by typing your domain name followed by the directory name.

wp-includes is showing

If you can see the content of this directory then you should disable it’s browsing. You can do that using the .htaccess file. There is a simple code of one line which should be embedded in the .htaccess file using the cPanel of your web hosting account. To edit the .htaccess file you have to follow some steps:-

Step 1:- Login to your cPanel and go to the “files” section.

Step 2:- Click on the “file manager” option and then “go”. Make sure that you have enabled to show the hidden files of your “webroot” directory. It’s because your .htaccess file is the hidden file which can be noticed by the dot.

Step 3:- Find the .htaccess file and right click on the file. Choose an “edit” option and your file will open for you to edit.

Step 4:- The code shown below should be written in the bottom of the .htaccess file and then click on the save button.

Options -Indexes

Now you can check it again by typing the domain name followed by the directory name. There will be an error 403 showing.

disable directory browsing in wordpress

Now you have successfully disabled the browsing of your wp-includes directory and no one can see the content of this directory.

Can You Now Disable Directory browsing in WordPress

There are many important things people forget to do for their WordPress website. As I always say, WordPress security is the most important thing to do.

You can’t allow anyone to ruin your hard work within few minutes. Sometimes when wp-content and wp-includes directories get indexed then you remove the URL from Google but it doesn’t mean your users can’t see the content by typing the URL.

To restrict the access you should know how to disable directory browsing using htacccess file. The code shown above works fine and you would be happy to see the results.

Taking another step towards securing your WordPress website is needed. Just copy and paste the code. If you still face any problem then I am here to help you.

You can connect with us on Twitter, LinkedIn, and Facebook.

by Ravi Chahar

A WordPress Professional and the LinkedIn Influencer. A coder by passion and a blogger by choice. WordPress theme development is his forte. He is your WordPress guy who will teach you how to solve WordPress errors, WordPress security issues, design issues and what not.

Get Free Updates Into Your Inbox

Learn Everything Just Like I Did



  1. Hey Ravi,

    Nice work here man. I’ve always heard about how disabling directory browsing can be good for web security especially WordPress and damn I’ve never thought of disabling it even though I almost got hacked a few months ago by some asshole.

    I guess it’s time to put these to work.. Thanks for making this look ridiculously easy to setup and implement.

    Good one here. And thanks as well for visiting my blog. You have a very nice blog here.

    Best regards,

    1. Hi Babs,

      I am glad that you found this tutorial helpful.

      Yeah, you should hide your WordPress directories. People are out there seeking for some vulnerability and I am sure you won’t let them do it.

      The time is here to take an action. You should do it as soon as possible. The security of your WordPress website is needed to improve.
      Thanks for sharing your thoughts.
      Have a great day.

  2. Hi Ravi,

    Wow, I had no idea about this but I will be checking into it to see if I need to take further action.

    Just so many little things can cause major problems if they aren’t taken care of.

    Thanks again for sharing.

    1. Hey Monna,

      In WordPress, there are many things to learn. The directories should be hidden so that no one can see the files of your website. The action should be taken as soon as possible.
      Thanks for stopping by and commenting.
      Have a nice week ahead.

Leave a Reply

Your email address will not be published. Required fields are marked *