
Three Methods to Avoid Directory-Listing in WordPress

Almost all of the WordPress plugins I have used do not include an index.html or index.php file in their directory. By default, up to WordPress version 2.8.4, a fresh installation has no protection against directory listing. So you, or any visitor, can type an address such as http://www.yourdomain.com/wp-content/plugins/akismet/ and, voila… see a list of the files inside the /akismet/ subdirectory. You should take care of this early. Otherwise, a visitor who knows about a weakness in one of the plugins you currently use can exploit the bug and hack your website easily. There are three methods you can use to avoid directory listing in WordPress.

  1. The first method: create a blank file named index.html and put it in each of your plugin subdirectories. With this method, a visitor who types an address like the one above sees a blank white page. This method is not efficient, since you have to put the index.html file in every plugin subdirectory. You also have to be careful before copying the file into all of your plugin directories: if a plugin subdirectory already has an index.html or index.php file, replacing it can create a new problem, because the existing file is part of that plugin's script.
  2. The second method is similar to the first: create a file named index.html and copy the following code into it:

    <html>
      <head>
        <title>This is your website title</title>
        <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
        <meta content='2;url=http://www.yourdomain.com' http-equiv='Refresh'>
      </head>
      <body bgcolor="#FFFFFF" text="#000000">
      </body>
    </html>

    Afterwards, put this file in all of your plugin subdirectories. With this method, a visitor who tries to view a plugin subdirectory is redirected to your website's home page after two seconds. You can change how long the visitor waits before being redirected by changing the 2 in the content attribute of the Refresh meta tag above. This method has the same weakness: you have to put the file in every plugin subdirectory, and you have to be careful about an existing index.html or index.php file there, for the reason mentioned in the first method.

  3. The third method is to use the .htaccess file in your website's root directory (or adjust it, if it already exists). Simply put this code at the top of your .htaccess file:

    # Avoid directory list
    Options -Indexes

    This method is the simplest of the three. Why? Because you only need to handle it once, in the .htaccess file. Afterwards, all of the subdirectories under your root are protected automatically, so you no longer have to handle each plugin subdirectory individually.

The first and second methods are still necessary if you want to handle each plugin differently when a visitor tries to view its directory listing. For example, you may want to display a certain message for plugin A that is different from the one for plugin B, and so on, before visitors are redirected automatically using the second method.
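
A read-only way to check which of the three methods is actually in effect on an installation, as an added example that is not part of the original post. The function names are this example's own, and it assumes Apache honours the root .htaccess and treats index.html and index.php as directory indexes.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes Apache honours .htaccess
# (AllowOverride must permit Options) and serves index.html / index.php as
# directory indexes. Function names are this example's own.

# Method 3 check: succeed if the root .htaccess has an active (uncommented)
# Options line that contains -Indexes.
has_no_indexes() {
    local htaccess="$1/.htaccess"
    [ -f "$htaccess" ] && grep -Eiq \
        '^[[:space:]]*Options[[:space:]]+([^#]*[[:space:]])?-Indexes([[:space:]]|$)' \
        "$htaccess"
}

# Methods 1 and 2 check: print each directory under wp-content/plugins that
# has neither index.html nor index.php. Nothing is created or overwritten,
# so a plugin's own index file is never touched.
list_unprotected_dirs() {
    local plugins="$1/wp-content/plugins" dir
    [ -d "$plugins" ] || return 0
    find "$plugins" -type d | LC_ALL=C sort | while IFS= read -r dir; do
        [ -e "$dir/index.html" ] || [ -e "$dir/index.php" ] || printf '%s\n' "$dir"
    done
}

# Combined report. Returns 1 when at least one plugin directory is listable.
audit_wordpress() {
    local root="$1" exposed
    if has_no_indexes "$root"; then
        echo "OK: $root/.htaccess disables directory listing"
        return 0
    fi
    exposed="$(list_unprotected_dirs "$root")"
    if [ -z "$exposed" ]; then
        echo "OK: every plugin directory has an index file"
        return 0
    fi
    echo "LISTABLE (no index file and no Options -Indexes in $root/.htaccess):"
    printf '%s\n' "$exposed"
    return 1
}

# Usage: ./audit.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    audit_wordpress "$1"
fi
```

The report also covers nested directories such as a plugin's image folder, which the first two methods leave listable unless each one gets its own index file.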


  1. September 19th, 2009 at 08:49 | #1

    Nice content indeed! I will visit as often as I can.

    cheers

  2. September 30th, 2009 at 23:56 | #2

    Hey, I found your blog in a new directory of blogs. I don't know how your blog came up, must have been a typo, anyway cool blog, I bookmarked you. :)

  3. Tnelson
    October 1st, 2009 at 05:27 | #3

    Hey, great blog…but I don’t understand how to add your site in my rss reader. Can you help me, please :)

  4. October 1st, 2009 at 17:15 | #4

    @Tnelson
    Thanks.

    In order to add my site to your rss reader, simply click on the RSS icon on the top right of this page. Hopefully this is helpful.

  5. October 1st, 2009 at 17:17 | #5

    @DennisVega
    Thanks.

    You really got lucky when you found my blog. :-)

  6. October 1st, 2009 at 17:17 | #6

    @migraine solution
    Thanks. Yours is good, too.
