FAQ: How to disable directory browsing in cPanel/WHM

 

Usually the DirectoryIndexes value should be turned on by default on a cPanel/WHM server, so you can either disable it serveriwde or just disable it for a single site.

First of all, why we should disable it? Is this needed at all? Disabling directory browsing is always a good idea in order to protect your sites from hackers and etc. By default, anyone on the Internet can view the files contained in any directory in your WordPress installation that doesn’t contain an index.php file.And unfortunately, there are several important directories that don’t have one. It looks like this in any browser:

Hackers can use this in order to check which plugins you’re using and they can take advantage of this in order to compromise your site. There are a lot of dodgy/faulty plugins that can serve as a back-door to your WordPress administrator area due to security vulnerabilities. On a different note, if you have a photography site for example and you have some important and private pictures which are not posted to your site, but are uploaded in the WordPress gallery can be easily browsed via the web as well.

Disabling the directory browsing will increase the security of your site and can prevent people from accessing your personal information like images and files which are not yet published on your site. Let’s see how we can disable it on a cPanel/WHM server.

If you want to disable this for the whole server you can do it  via WHM. In order to do that just follow the listed steps:

1. First log into WHM
2. Via the search bar find and access the Service Configuration and then click the Apache Configuration
3. Then you need to access Global Configuration

4. Here scroll down to Directory ‘/’ Options

5. Untick the Indexes option:
6. Then press Save button below
7. Finally, rebuild by clicking “Rebuild Configuration and Restart Apache” button and once this is done the directory browsing will be disabled for the whole server.

However if you want to disable directory browsing just for one site on your server you can do this via the site’s .htaccess file or via the cPanel control panel.
You can add the following line to your site’s .htaccess file in order to disable it:

 

You can also disable the directory browsing via the Control Panel:
1) Login to your cPanel interface.
2) Click the icon ‘Indexes’ under ‘ADVANCED’ category.

3) Select the directory for which you want to change the index settings.

4) A new window will open and here you can click ‘No Indexing’ option to disable directory listing.

Here you can see four types of indexing methods.

Default System Indexing: This is the default option set by a hosting provider.

No Indexing: This option allows to disable directory listing. The main reason to disable directory listing is to enable privacy in order to reduce the chances of the files being attacked.

Standard Indexing: This option will enable the directory listing. User can see the name of the directories.

Fancy Indexing: This option will enable the directory listing. User can see the name and description of the files and directories under your indexed directory.

5) Click Save.

Now if you access the pages which does not have an index file you should see a Forbidden page error in your browser.