Prevent Directory Browsing:
By default, most hosts allow directory listing. So, if you type
www.yourblog.com/wp-includes in the browser’s address bar, you’ll see all of the files in that directory. This is definitely a security risk, because a hacker could see the last time that files were modified and access them.
The solution (Updated)
Just add the following to the Apache configuration or your .htaccess file:
Please note that it’s not enough to update the blog’s robots.txt file with
Disallow: /wp*. This would prevent the wp-directory from being indexed, but will not prevent users from seeing it.