Directory Index Guard Wordpress Plugin - Rating, Reviews, Demo & Download
Plugin Description
How it works
The Directory Index Guard plugin works by updating the Apache .htaccess file to include the directive Options -Indexes. It prevents you from having to edit it yourself via FTP or some other mechanism.
Features
- Easily turn directory indexes off with one click.
- Scan directory structure to check for exposed directory indexes.
- Provides a report of which directories are safe or exposed.
- Checks to make sure protection is still enabled after the .htaccess file is edited or updated by another process.
- Creates a backup of the existing .htaccess before modifying.
- Checks the syntax of the .htaccess file for errors before saving.
What is a Web Server Directory Listing?
A web server directory listing, commonly called a directory index, is a list of the contents in a folder stored on your WordPress server. Similar to your local computer directory, a web server has a directory structure for storing files and folders. If directory listings are turned on, the server will show all files and subfolders contained in that directory. The files can be viewed or downloaded, and you can move into and out of subfolders like you would on your local computer.
Why is this dangerous?
Often times, backups of critical WordPress configuration files are made before making changes and then stored in a directory on the server. These backup can potentially contain your WordPress administrator or database password. The source code for plugins, themes, and administrative functions are also stored in directories on the server. None of these files are intended for public viewing. Hackers can use directory listings to download these files and create a road map of how to exploit vulnerabilities in your site. If they contain your WordPress administrator password, your entire site and all of your customer data is at risk. To make this worse, hackers can scan these files with a script, on thousands of websites at a time, and hack your site or sell the information on the dark web. Common identity theft programs may not scan for WordPress configuration passwords. Turning off directory listings is absolutely critical for the security of your site.
Screenshots
-
Scan showing exposed directory listings without Directory Index Guard protection.
-
Scan showing safe directory listings with Directory Index Guard protection.
-
Screenshot of what a directory index listing looks like, for an admin source code folder.