Prevent virtual directory listing services from listing the contents of directories, and/or show a page in place of a directory's listing.
Prevent virtual directory listing services from listing the contents of directories, and/or show a page in place of a directory’s listing.
The Apache web server can be configured to automatically display the listings of the contents of a web site’s file directory if no index file (i.e. index.html or index.php) is present. This can expose files and information to visitors. Of course the web server could be configured to not do this (the recommended approach), but sometimes you don’t have permission (you’re on a shared host), the know-how, or you want to selectively disallow virtual directory listings. That’s where this plugin can help.
If you want to test if your site has virtual directory listings enabled, try visiting http://www.YOURSITE.com/wp-includes (obviously, change the domain to match your own). If you see a listing of PHP files then virtual directory listing is enabled for your site.
This plugin can prevent visitors from seeing the contents of certain (or all) directories on your site (assuming your web server generates virtual directory listings). It also allows you to use a WordPress page as the index for a directory
By default, the following directories are protected:
It does NOT protect any other directory by default. You can change this via the plugin’s admin settings page.
TIP: When this plugin is activated (and more specifically, ater the permalink structure is updated as per the instructions below), WordPress will generate the themed 404 – Not Found page. If you were to create a Page with the same name as one of the directories being disabled (i.e. ‘wp-includes’ or ‘wp-content’) then that page will be displayed instead of the 404 error message. If you want to display a page for the ‘plugins’ and ‘themes’ directory, you must create them as children pages of a ‘wp-content’ page.
NOTE: This plugin only works for the Apache web server.
Links: Plugin Homepage | Author Homepage
disable-directory-listings.zip
inside the /wp-content/plugins/
directory for your site (or install via the built-in WordPress plugin installer)Settings
-> Directory Listings
admin options page. Optionally customize the list of directories.Settings
-> Directory Listings
admin options page and follow the instructions to update your .htaccess.Note: If your .htaccess is not writable, then you must perform step 4 when activating or deactivating the plugin, and when updating the plugin’s options. Otherwise, step 4 is not necessary.
Create a page (not post) with the same name as the directory. And ensure the directory is listed in the plugin’s settings (found at Settings -> Directory Listings
). If the directory you wish to create a page for is below another directory (relative to the root directory of your site) such as wp-content/plugins
, then you must first create a page named wp-content
, and then a page named plugins
which you need to make a child page of wp-content
.
Is your .htaccess writable? Visit the plugin’s options page, Settings -> Directory Listings
, to check and find out more info.
Yes. Assuming you already have virtual directory listing enabled and have edit/write capabilities on Apache’s httpd.conf file (or the .conf file containing the configuration for your site) you could remove the Indexes
option, so that, for example:
Options All Indexes FollowSymLinks MultiViews
becomes
Options All FollowSymLinks MultiViews
Or you could add:
Options -Indexes
If you have the capability and knowledge to do this, that’s great and I urge you to do so. However, if you don’t have that capability because you are on a shared host and can’t edit Apache’s httpd.conf file, or you want some easier, fine-grained controls, you can give this plugin a shot.