Prevent Directory Browsing:
The problem
By default, most hosts allow directory listing. So, if you type www.yourblog.com/wp-includes
in the browser’s address bar, you’ll see all of the files in that directory. This is definitely a security risk, because a hacker could see the last time that files were modified and access them.
The solution (Updated)
Just add the following to the Apache configuration or your .htaccess file:
Options -Indexes
Code explanation
Please note that it’s not enough to update the blog’s robots.txt file with Disallow: /wp*
. This would prevent the wp-directory from being indexed, but will not prevent users from seeing it.
No Comments