If your website runs on an Apache web server (used by the majority of WordPress hosts), you can disable directory browsing using the .htaccess file located in your website’s root directory.
<table class="file-table"> <thead> <tr> <th>Name</th> <th>Last modified</th> <th>Size</th> </tr> </thead> <tbody> <!-- Parent directory link (standard index behavior) --> <tr style="background:#fbfbfd;"> <td class="filename"> <span class="icon">⬆️</span> <a href="/parent-directory/" class="parent-link">Parent Directory</a> </td> <td class="file-date">—</td> <td class="file-size">—</td> </tr>
Locate the .htaccess file in the folder causing the issue (e.g., /wp-content/uploads/ ). Add the following line to the file: Options -Indexes Use code with caution. Save the file. 2. Nginx Servers index of parent directory uploads
When you see this line, you are looking at a "directory listing" or "autoindexing." This is an automatic index page generated by a web server (like Apache, Nginx, or Microsoft IIS) for a folder that does not contain a default index file, such as index.html or index.php . Instead of displaying a webpage, the server simply shows a list of all files and subfolders within that directory.
Upload this blank file directly into your /uploads/ directory and any subdirectories. If your website runs on an Apache web
While listing files might seem harmless, it provides attackers with a roadmap of your website’s files.
You would be shocked at what people upload: scanned passports, tax returns, medical records, and employment contracts. An indexed page makes these files searchable and downloadable by anyone. Save the file
Or simply place an empty index.html file inside every uploads subdirectory.
I can provide the exact step-by-step commands or rules to secure your files.
Some common issues that may arise with the index of parent directory include: