Directory browsing one of the most common security flaws in a WordPress site. By default, the webserver enables directory browsing. This means that all files and folders inside the root directory of the webserver are accessible by a visitor.
This vulnerability allows anyone to browse the contents of the wp-content/uploads
folder or any other directory which doesn’t have the default index.php
file.
Edit .htaccess
Add the following code snippet to the .htaccess
file to disable directory browsing:
# Disable directory browsing
Options All -Indexes
That’s it, you’re done!