In this screencast, we increase the security of your WordPress installation by disabling directory views. Many hosts disable directory views on their servers by default, but it's important to know for sure. If your files are visible, there are a couple of easy, effective ways to lock things down. An open listing of your files such as this one may be the first thing a hacker sees before ultimately destroying your web site. When directory views are enabled, any directory that does not include some sort of an index file, such as an index.html file, will openly display a list of all files in the directory, as seen here.
Obviously, this is a huge security risk. If malicious individuals were to gain access to your WordPress configuration file, for example, they could easily access your database and steal sensitive data, destroy your entire site, and make your life miserable in general. Fortunately, disabling directory views is drop-dead easy. Simply open the root .htaccess file for your site and add the following line, "Options -Indexes" with the correct casing--that is important--and put it preferably near the top of the file. It will work anywhere though.
We save the file and upload it to the server. Now let's return to that open directory listing on the web. Let's hit Refresh. Excellent! We see the files no longer listed. This greatly improves the security of our site. If .htaccess is not an option, you may prevent directory listings by simply adding a blank index.html file to any directory that doesn't already include one. Before doing so, let's reset our example directory by re-enabling file listings.
Once again file listings are enabled. So let's return to the FTP/file editor and upload our index.html file, which contains some simple code. Once that file has been uploaded, return to the browser, and reload the page, to see that our index file is in place and working and preventing open directory listings. The index.html file can be completely blank, but it may also contain any sort of markup desired.
In this example HTML file, I've included some basic markup to help demonstrate the technique. While most versions of WordPress include such faux index files by default for certain directories, there are still many subdirectories that should be protected. This is where the .htaccess method is going to save time. But in the event that .htaccess is not available to you, simply adding an index file to any open directory will work just as well. In this screencast, we've improved security by disabling directory listings.
Without this protection, you're taking an unnecessary risk. Using either .htaccess or the blank file method, it's best to play it safe and lock things down.
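An added example (not part of the original screencast): a Python audit that checks whether the root .htaccess carries the "Options -Indexes" line and, if not, lists the directories that lack an index file, with a helper that applies the blank index.html fallback. The function names and the index file names in INDEX_NAMES are assumptions of this example; match them to your server's DirectoryIndex setting.

```python
import os
import re

# Assumption: the file names the server's DirectoryIndex setting looks for.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}

# An uncommented Options line that switches Indexes off, spelled as the page gives it.
NO_INDEXES = re.compile(r"^\s*Options\b.*(?<!\S)-Indexes\b", re.MULTILINE)


def htaccess_disables_listing(site_root):
    """Return True if the root .htaccess contains an 'Options -Indexes' line."""
    path = os.path.join(site_root, ".htaccess")
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            return bool(NO_INDEXES.search(fh.read()))
    except FileNotFoundError:
        return False


def dirs_without_index(site_root):
    """Return, sorted and relative to site_root, every directory lacking an index file."""
    missing = []
    for current, _subdirs, files in os.walk(site_root):
        if not INDEX_NAMES.intersection(files):
            missing.append(os.path.relpath(current, site_root))
    return sorted(missing)


def add_blank_indexes(site_root):
    """Fallback method: create an empty index.html in each directory that lacks one."""
    fixed = dirs_without_index(site_root)
    for rel in fixed:
        # Mode "x" refuses to overwrite, so an existing file is never clobbered.
        open(os.path.join(site_root, rel, "index.html"), "x").close()
    return fixed


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    if htaccess_disables_listing(root):
        print("root .htaccess contains Options -Indexes")
    else:
        for rel in dirs_without_index(root):
            print("no index file:", rel)
```

This only inspects files on disk; reloading the directory URL in the browser, as done in the screencast, remains the confirmation that listings are actually off.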