Directory browsing one of the most common security flaws in a WordPress site. By default, the webserver enables directory browsing. This means that all files and folders inside the root directory of the webserver are accessible by a visitor.
This vulnerability allows anyone to browse the contents of the
wp-content/uploads folder or any other directory which doesn’t have the default
Add the following code snippet to the
.htaccess file to disable directory browsing:
# Disable directory browsing Options All -Indexes
That’s it, you’re done!