If you don’t lock down your directories, people can come along and poke through them and take your images and sometimes even pirate a copy of your theme. (though I doubt they’d be able to update it, but still, it’s the principle of the thing)
Easy-peasy fix for this. But first go test if your site is unsecure at the moment. I’ll wait. Type in
And you’ll likely see a list of your images, themes and plugins. Yowza!
But there’s a simple fix, just a line of code in your .htaccess file. Navigate to the .htaccess file you need for any particular site (remember you might need to look in the root directory if it’s the main domain) and paste in
# Disable directory browsing Options All -Indexes
before the comment ending WordPress (# END WordPress). Here is another site explaining the steps to prevent people seeing your directories. They list a few plugins that can do this for as you as well if editing files is not your jam.
- WP safely disable directory browsing
- Hide My WP – WordPress Security Plugin
- AB WP Security