When we visit a website, it retrieves data from the hosting service of that website. The hosting service has folders or directories created for that website to store and retrieve data. Generally, those folders can be accessible by default, which may lead to data thefts and online exploits; even there are chances to get hacked easily with such an open directory access. You may have noticed such accessible directory listing on some sites. An open directory on a website looks like the below screenshot:
For instance, if a website abc123.com has an open directory access, the contents of this site can be accessed directly like this: abc123.com/somefolder/. Now, you have a better idea how your site images, premium snippets, themes or plugins can be downloaded directly with an open directory access.
So, if your website directories are open to be accessed by default, you should ask your hosting provider to disable or restrict access of those directories. Or, if your hosting service supports cPanel, you can restrict access to your important folders by using Index Manager. Here is a short guide covering the use of Index Manager to block access to website directories (HostGator cPanel in screenshot), no matter what CMS you are using:
Note: If you’re going to disable directory listing in WordPress, do not set wp-admin folder to “No indexing” mode as it is responsible for WordPress login (for example: yoursite.com/wp-admin/). If we set it to “No Indexing”, the login page will start showing 403 Forbidden error! So, it’s better to leave that folder as it is. Other CMS users should also make a quick survey about important directories of your CMS before start disabling the directory indexing.
- Login to your cPanel and open Index Manager. If it ask for selecting a directory to open, choose Web Root (public_html/www).
- It will show up a list of directories in Web Root. Click on the name of the folder you want to restrict from access. Make sure you don’t clicked the Folder icon, which will open the list of sub-directories instead of Index Management options.
- In the Index Manager options, choose “No Indexing” and click save. Done!
Now, whenever someone will try to access that directory or it’s sub-directories, a “403 Forbidden, Access denied” message will appear.
Similarly, you can restrict access to other directories also and make your website more secure and it’s sensitive contents more private.