WordPress and Website Owners: Do You Have Directory Listing Enabled?

Call it my negligence or anything else, but since the day I set up this website, I did not care to go back and check whether I had disabled directory listing on all the folders in my website. For those who are wondering what directory listing is, a simple explanation is that with directory listing enabled, your web server will list all the files and folders within a folder that does not have an index file. A nice example is when you open yourdomain.com/wp-includes/ (WordPress only): with directory listing turned on, it will display a listing of all the files and folders within that directory. See the picture below for a better understanding of this:

Directory Listing Enabled

At times this is really not harmful, but if you have uploaded some critical files, like I did, containing personal information such as a password list in a plain text file, then you had better think about it and turn directory listing off as soon as you can! For others who have already turned off directory listing, that’s good! ;)

I usually go through a checklist when I set up new domains, and it has a point to turn directory listing off, but I missed it this time and I had to change all my passwords which were mentioned in that file (7 accounts in total).

If you happen to be using cPanel, you will find the Index Manager option under Site Management; just click on it and turn directory listing off! That’s it. You may also use an .htaccess file to turn off directory browsing on all your folders if your site contains a lot of folders.
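To find which folders are affected before relying on either fix, the script below (an added example, not part of the original post) walks a local copy of the document root and reports every folder that has no index file and no `Options -Indexes` in effect from its own or a parent .htaccess. It assumes the index file names shown, that the server default leaves Indexes on, and that the host allows .htaccess to override Options; the sample tree is constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

INDEX_NAMES = {"index.html", "index.htm", "index.php"}  # assumed DirectoryIndex names
OPTIONS_RE = re.compile(r"^\s*Options\s+(.+)$", re.IGNORECASE | re.MULTILINE)

def htaccess_indexes(dirpath):
    """True/False if this folder's .htaccess sets Indexes on/off, None if it says nothing."""
    try:
        text = Path(dirpath, ".htaccess").read_text(errors="replace")
    except OSError:
        return None
    state = None
    for match in OPTIONS_RE.finditer(text):
        tokens = [t.lower() for t in match.group(1).split()]
        if "+indexes" in tokens:
            state = True
        elif "-indexes" in tokens:
            state = False
        elif not any(t[0] in "+-" for t in tokens):
            # Options written without +/- replace the whole inherited set
            state = "indexes" in tokens or "all" in tokens
    return state

def exposed_dirs(docroot, server_default=True):
    """Folders that would be listed: Indexes in effect and no index file present."""
    docroot, exposed = Path(docroot), []
    def walk(path, inherited):
        own = htaccess_indexes(path)
        effective = inherited if own is None else own
        entries = sorted(path.iterdir())
        if effective and not any(e.is_file() and e.name in INDEX_NAMES for e in entries):
            exposed.append(path.relative_to(docroot).as_posix())
        for entry in entries:
            if entry.is_dir() and not entry.is_symlink():
                walk(entry, effective)
    walk(docroot, server_default)
    return exposed

def build_sample_site(root):  # constructed sample tree, not a real site
    for sub in ("wp-includes/js", "wp-content/uploads", "private/backups"):
        Path(root, sub).mkdir(parents=True)
    Path(root, "index.php").touch()
    Path(root, "private", ".htaccess").write_text("Options -Indexes\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        print("\n".join(exposed_dirs(root)))
```

An empty result after adding `Options -Indexes` to the top-level .htaccess means every folder inherits the setting; a folder that reappears has its own .htaccess turning Indexes back on.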

If you have some tips for our readers, please don’t forget to post them in the comments here.



2 Responses to “WordPress and Website Owners: Do You Have Directory Listing Enabled?”

Not turning off Directory Listing is bad – but uploading passwords as text files to a publicly accessible location is much worse ;-)

You can turn off Directory Listing in Apache using the following .htaccess commands…
Options -Indexes

I agree with you! Uploading a password file in plain text to public folders is very very bad :( lesson learnt ;)
