Turn Off Directory Browsing to Protect Your Web Content

by Gobala Krishnan on April 3, 2008

In my post about the Top 10 Silly Mistakes, a lot of readers were surprised by one particular, seemingly “common” mistake: not turning off directory browsing for your folders.

This is really simple to do, and it helps keep your web content from being stolen, because people will no longer be able to browse the contents of a folder by typing its address into the browser. If you type in www.yoursite.com/wp-content/plugins and directory browsing is not turned off for your web site, you can see the contents of the entire folder, like this:

directory-browsing

This exposes your website to thieves and hackers, making their lives much easier and serving your files to them on a silver platter.

To turn off directory browsing, simply log into your cPanel account, look for the “Index Manager” icon, and click on it.

directory-browsing-2

This will take you to another page where you can turn off directory browsing for individual folders, or for the entire site. Usually, to turn off indexing for the entire site, you need to click on the root folder, which is public_html.

directory-browsing-3

Finally, change the settings from “Default System Setting” to “No Indexing”. Now, your folders should be protected from peeping toms forever.

directory-browsing-4

Running an online business involves learning how to secure your website, intellectual property, and business processes from people who mean to do you harm, and turning off directory browsing is the easiest (but most overlooked) way to get started on the right path.
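To check a whole site rather than one folder at a time, the following added example (not code from the original post) walks a local copy of public_html and reports every folder that would still show a listing: one with no index file where indexing has not been switched off in that folder or a parent. It assumes an Apache host where “No Indexing” is stored as `Options -Indexes` in the folder's .htaccess, that the host default allows listings, and the index file names shown; the folder tree is constructed sample data.

```python
import os
import re
import tempfile

INDEX_FILES = {"index.php", "index.html", "index.htm"}  # assumed DirectoryIndex names
OPTIONS_RE = re.compile(r"^[ \t]*Options[ \t]+(.+)$", re.IGNORECASE | re.MULTILINE)

def indexes_setting(htaccess_text):
    """True/False if the text switches Indexes on/off, None if it does not mention it."""
    state = None
    for line in OPTIONS_RE.findall(htaccess_text):
        tokens = [t.lower() for t in line.split()]
        if "-indexes" in tokens:
            state = False
        elif "+indexes" in tokens:
            state = True
        elif not any(t[0] in "+-" for t in tokens):
            state = "indexes" in tokens or "all" in tokens  # absolute form replaces the set
    return state

def listable_dirs(docroot, server_default=True):
    """Folders under docroot that Apache would show as a file listing (heuristic)."""
    docroot = os.path.abspath(docroot)
    effective, exposed = {}, []
    for current, _dirs, files in os.walk(docroot):  # top-down: parents come first
        state = effective.get(os.path.dirname(current), server_default)
        if ".htaccess" in files:
            with open(os.path.join(current, ".htaccess"), errors="replace") as fh:
                own = indexes_setting(fh.read())
            state = state if own is None else own  # a folder's own setting wins
        effective[current] = state
        if state and not INDEX_FILES.intersection(files):
            exposed.append(os.path.relpath(current, docroot))
    return sorted(exposed)

def demo(root_htaccess=None):
    """Audit a small constructed site tree; optionally give public_html an .htaccess."""
    with tempfile.TemporaryDirectory() as root:
        for sub in ("wp-content/plugins", "wp-content/uploads/2008", "wp-content/themes/demo"):
            os.makedirs(os.path.join(root, sub))
        for blank in ("index.php", "wp-content/themes/index.php"):
            open(os.path.join(root, blank), "w").close()
        with open(os.path.join(root, "wp-content/uploads/.htaccess"), "w") as fh:
            fh.write("Options -Indexes\n")
        if root_htaccess:
            with open(os.path.join(root, ".htaccess"), "w") as fh:
                fh.write(root_htaccess)
        return listable_dirs(root)

if __name__ == "__main__":
    print(demo())                      # host default left in place
    print(demo("Options -Indexes\n"))  # indexing turned off at public_html
```

The server's main configuration can override .htaccess, so confirm any reported folder in the browser. Turning off the listing also does not block a file that is requested by its exact URL.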


{ 38 comments… read them below or add one }

1 Rasel 04.03.08 at 6:40 pm

Really, it’s a very helpful tip. I have seen many people who are really not concerned about this tricky, important fact. Even though they know, they don’t know how to protect. Hope this one will help bloggers to protect their blogs from being hacked.
Anyway, anyone can also protect directory browsing by just placing a blank index.php file in every directory where they don’t have any index.php file. But have to be careful in a few things. So I also prefer Gobala’s suggestion. It’s very straightforward. Thanks Gobala.

2 DS. GOPHEKAR RAAJ 04.04.08 at 2:30 am

Very useful tips Gobala…I never thought that this could make peeping toms away. Hopefully it will…anyway, I’ve turned the indexing off on my site. Thx for your tips.

3 K 04.04.08 at 3:02 pm

Above you stated:

In my post about the Top 10 Silly Mistakes, a lot of readers were surprised about one particular seemingly “common” mistake…

Then I looked on this page because I wanted to find the article on “Top 10 Silly Mistakes.” I found no way to access this or any ARCHIVE listed.

Gobala, how does one find this article or any previous ones you’ve written? Thank you & great article on securing your Directory Browser!

4 K 04.04.08 at 3:06 pm

Sorry, forget posting the last comment – I just now saw your ARCHIVE listed at the very top of this pg. :) Just woke up!

5 @hmed 04.05.08 at 4:28 pm

Thanks For helpful tip.

6 Gobala Krishnan 04.06.08 at 2:49 pm

No problem :)

7 Tom Lindstrom 04.07.08 at 7:50 pm

Thanks for the tips Gobala! I never thought of that one before. We need to protect our web content at all cost.

8 Rick Cowles 04.12.08 at 1:49 am

Great tips, I never thought of this before, really help in protecting my websites. I wonder what other security measures I might have overlooked.
Thanks Gobala.

9 azrinbme 04.13.08 at 4:20 pm

Hi Gobala. Thanks for your tips. I’m a newbie in blogging, and your advice is really helpful, especially for someone like me using personal hosting.

10 Galadriel 04.16.08 at 4:41 am

Dear Gobala,

Thank you so much for this. :)

Usually I upload a blank .html file in every folder but this will save me a lot of effort.

Hoping to meet up with you at JomSeminar and any other times.

See you, my friend.

Galadriel.

11 Alex Newell 04.16.08 at 9:17 am

O Golly, I even read the previous article and did not notice this problem. I’m glad I came back to your blog!
:-)

Alex

12 Dim from Free Online Poker Tips 04.17.08 at 11:32 am

Gobala, this is a perfect and very useful tip. I will spread this post on the forums because this is a must to know for every blogger.

13 eLifestyler 04.19.08 at 3:29 pm

Great article! Thank you very much for sharing this valuable tip with everyone! Definitely will come back for more :)

Regards,
Kate

14 Fernanda Estrada 04.20.08 at 8:30 am

Thank you very much Gobala

This is a great tip on security and will save me a lot of work.

Fernanda Estrada

15 Robert Redl 04.20.08 at 7:42 pm

I want to add that if you use the Apache Webserver,
there exists a very old bug, but it can still be found on many servers out there.

Even if Directory browsing is disabled and

somedomain.com/someurl/

would deliver the index.html page,

adding a second slash would show the directory to you

somedomain.com/someurl//

Try it out, and if it applies to your Webserver do the upgrade.

Also look into the term “Google Hacking” where you see that the Google Search Engine can exploit private information if your webserver is not patched to the latest version.

16 Calvin 04.24.08 at 10:27 pm

off topic, what is ‘Unique Article Automator’? if the screen shot is yours, it sounds like ur into splog, spamming the blog with spammy articles… which I doubt it is true. What is it? What is ‘Unique Article Automator’

17 Gobala Krishnan 04.28.08 at 6:01 am

You’re obviously not ready for the answer. So I won’t give it :)

18 tm 05.01.08 at 5:50 am

Yes, I do that, but I also have an autoban script located as index.php in my main images directory that blocks any user from all my site if he tries that.

19 Calvin 05.01.08 at 3:16 pm

I googled for the plugin and found the answer, if that is the key to success then I know what I should do. :) anyway, respect goes to you for not filtering the comments.

20 iCalvyn 05.03.08 at 8:17 am

Great tips. I myself did not realize the method to protect the files; I always wondered why some people’s websites have the list, and some do not…

21 Sag bohara 05.12.08 at 1:39 pm

This is really good information, i usually do.. peeping like that way to check which competitors using which plugin :D :evil: and never find out the solution for that.. infact never tried out to find out but now, seem like i got it good information .. :) doing stumble and yes advance congrats and best wishes for your new marriage life :)

22 Stephanie 05.13.08 at 5:57 am

Thank you!! I never knew I needed to do this before.

stephanie

23 nasrun 06.02.08 at 3:08 pm

Thank you..

This information is very useful..

24 Izzportal 06.04.08 at 3:26 am

Thank you for the tips. It’s helpful.

25 Pangeran 06.04.08 at 8:26 am

Thank you for this topic.
I never know how to protect my directory before…
But I know this trick(See the directory)…

But, how about the SEO?
Does “no-index” bring something that “no-index” for spiders and bots too?

26 titan 06.04.08 at 1:12 pm

I already know about that and fixed it after I knew my mistake. It’s a good guideline, and thanks for telling us about that.

27 revenue 06.06.08 at 6:08 pm

Wow, thank god I found this post. Now I will turn off all my sites’ indexes. I hope you can post other useful tricks about website security.

28 Arifin 06.12.08 at 12:43 am

You are really the best person I have ever known… thank you very much for this task, it’s all really helpful for protecting against hackers, but there are still many ways to get it. I really appreciate this article of yours, I love it.

29 Kamal Talib 06.26.08 at 4:17 am

Thanks for the tutorial on disabling viewing for web directories.
I already disable my indexes in my control panel.

30 Mira 06.29.08 at 9:10 am

Thanks for the really helpful tips Gobala…
It prevents our sites…

Again, appreciate your tips

31 yasmine 07.02.08 at 3:11 am

Totally awesome…
Great and really helpful tips

WAS also great material
One of my best investment…

You are my fave WP guru :)

32 ken 03.10.09 at 2:13 am

Hi, thanks for this tutorial, but I see your own directory browsing is still turned on :)

33 Gobala Krishnan 03.10.09 at 6:59 am

Is it? I didn’t see any?

34 Gloson 05.11.09 at 10:02 am

Yes, I can also see your directory index – http://gobalakrishnan.com/wp-content/themes/

35 marine biology 05.11.09 at 4:25 pm

Does this have any effect on search engines for SEO stuff? This does not tell search engines not to spider the page right?

36 Gobala Krishnan 05.12.09 at 5:48 pm

Nope, it does not have any effect on search engines :)

37 Gobala Krishnan 05.12.09 at 5:50 pm

I fixed that, thanks Gloson

38 harith 06.20.09 at 11:10 pm

Thanks gobala..
i don’t know about that before..
Your tips really help me to protect my web content
