Disable Directory Browsing

Directory browsing is one of the most common security flaws in a WordPress site. By default, the webserver enables directory browsing. This means that all files and folders inside the root directory of the webserver are accessible by a visitor.

This vulnerability allows anyone to browse the contents of the wp-content/uploads folder or any other directory which doesn’t have the default index.php file.

Edit .htaccess

Add the following code snippet to the .htaccess file to disable directory browsing:

# Disable directory browsing. Only the Indexes option is removed;
# all other inherited options stay as they are.
Options -Indexes

That’s it, you’re done!
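To check what an existing .htaccess file does with the Indexes option, the following added example (not part of the original article) evaluates its Options lines the way Apache merges them, and flags a line that mixes signed and unsigned keywords, which Apache 2.4 rejects. The function name and the sample file contents are constructed for illustration; it assumes only top-level Options lines matter and that the server's AllowOverride setting permits Options in .htaccess.

```python
import re

# Assumption: only top-level "Options" lines are evaluated. <IfModule>/<Files>
# nesting and the server's AllowOverride setting are not modelled.
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+?)\s*$", re.IGNORECASE)


def indexes_state(htaccess_text):
    """Return 'disabled', 'enabled', 'inherited' or 'invalid' for Indexes."""
    state = "inherited"  # no Options line has touched Indexes yet
    for line in htaccess_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        match = OPTIONS_RE.match(line)
        if not match:
            continue
        tokens = match.group(1).split()
        signed = [t[0] in "+-" for t in tokens]
        if any(signed) and not all(signed):
            # Apache 2.4 refuses a line that mixes +/- keywords with bare ones.
            return "invalid"
        names = {t.lstrip("+-").lower(): t[0] for t in tokens}
        if not any(signed):
            # Bare keywords replace the whole option set; "All" includes Indexes.
            listing = "indexes" in names or "all" in names
            state = "enabled" if listing else "disabled"
        elif "indexes" in names:
            # Signed keywords adjust the inherited set; the last one wins.
            state = "enabled" if names["indexes"] == "+" else "disabled"
    return state


# Constructed sample .htaccess contents.
SAMPLES = {
    "signed removal": "# Disable directory browsing\nOptions -Indexes\n",
    "mixed syntax": "Options All -Indexes\n",
    "listing on": "Options Indexes FollowSymLinks\n",
    "no Options line": "RewriteEngine On\n",
}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        print(f"{label}: {indexes_state(text)}")
```
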