Prevent directory listing in wordpress

Prevent/block directory listing in wordpress with this .htaccess file trick.In wordpress, by default, your themes and plugins directory can be viewed via the web browser.This could be dangerous, if hackers get to know your themes and plugins.

Disadvantages of directory listing:

  • If hackers get to know the plugins and themes used on your blog, they could try to exploit bugs in those themes and plugins to hack your blog.Note that wordpress makes security release (wordpress 2.6.2 is the latest) for the wordpress base code and not for security holes in your wordpress themes/plugins
  • People can find out the files and folders, that you might have saved on your server and not intended for the general readers.

You can check whether your plugin and theme folders are viewable via the web brower, by entering http://your-wordpress-home/wp-content/plugins/ or http://your-wordpress-home/wp-content/themes/. Replace “your-wordpress-home” in the above url with those of your wordpress home.For example my wordpress home is

How to prevent directory listing in wordpress?

You can prevent/block directory listing in wordpress by two methods:

  • Upload a blank index.html file to the directories.For example, you could prevent directory listing of your themes folder by uploading a blank index.html file to the themes folder. i.e. http://your-wordpress-home/wp-content/themes/. However this would involve uploading blank index.html files to every directory for which you want to prevent directory listing. 🙁

The other easier option to prevent directory listing, is

  • to edit the .htaccess file, that lives in your WordPress root directory and add the following lines to the top:

# Prevents directory listing
Options -Indexes

Isn’t that easy? Go edit the .htaccess file in your wordpress root and add the option to prevent directory listing in wordpress.

7 comments on “Prevent directory listing in wordpress

  1. Yeah, I use a blank index file on my plugin directory as part of protection…you know I’m always afraid to go beyond .htaccess…me and .htaccess don’t go well hand in hand and it’s the part that I skip most of the time.


  2. Excellent tip!!


  3. @yan, It is better to learn the tricks to use .htaccess and not avoid it. It is an important file to use on wordpress.Whether it be for 301 redirects or for security or for wordpress super cache plugin.

  4. With the hackers becoming more active, i think i will do this right now

  5. Helpful Post…
    Implemented on My Blog…

  6. Thanks so much for this info. Worked like a charm. It was just what I needed. 🙂

  7. Wow ! Amazing tutorial !

Leave a Reply

Your email address will not be published. Required fields are marked *