Building your online presence is a thrilling journey, but it’s vital to keep it secure too. In this article, we’re diving into a fundamental aspect of website security: how to disable directory listing in your cPanel control panel. Don’t worry, it’s not as complex as it sounds, and by the end of this guide, you’ll be a pro at keeping your website directories private and secure.
Table of Contents
Understanding Directory Listing and Its ImplicationsSteps for Disabling Directory Listing in cPanelOption 1: Disabling Directory Browsing With cPanel’s Indexes ToolOption 2: Disabling Directory Browsing in cPanel’s File ManagerOption 3: Manually Creating Index Files To Prevent Directory ListingOption 4: Configuring .htaccess To Turn off Directory ListingChecking Directory Listing StatusFAQ for Disabling Directory ListingsIn Conclusion
Understanding Directory Listing and Its Implications
Your website is made up of multiple directories and files. Directory listing allows any visitor to browse through your directories seeing all the file and folder names without restrictions. It might seem harmless, but it exposes the contents of your website’s folders, potentially compromising sensitive data or information you’d prefer to keep private.
Image of a public directory listing (source: Wikimedia Commons)
Steps for Disabling Directory Listing in cPanel
Let’s get to the heart of the matter—how to disable directory listing. Luckily, cPanel offers multiple ways to safeguard your folders:
Option 1: Disabling Directory Browsing With cPanel’s Indexes Tool
cPanel provides multiple ways you can disable directory listing. One of the simplest ways it to use the ‘Indexes’ tool.
1. Log in to your cPanel account. If you have a hosting plan with MCloud9 you can follow our guide to accessing your cPanel account.
2. Locate the ‘Indexes’ tool. It’s under the ‘Advanced’ section.
3. Navigate to the directory you wish to secure. This is usually the ‘public_html‘ folder (where your website files are stored). Alternatively, you can use the ‘File Manager’ to navigate to the directory you want to secure then right-click and choose ‘Manage Indices’ (then jump to step 5).
4. Select the ‘Edit’ option.
5. Choose ‘No Indexing’ then click ‘Save’. This restricts access to the folder, preventing directory browsing.
The other indexing options available include:
Inherit is the default set by your hosting provider. It could be on or off.
Show Filename Only allows directory listing. This makes the names of the files and directories visible to the public.
Show Filename and Description also allows directory listing, but a public user can see the file names and directories as well as file attributes: file size and file type.
By following these simple steps, you’ve effectively barred unauthorised access to your directories, ensuring your content remains exclusively for your eyes or those you grant permission to.
Option 2: Disabling Directory Browsing in cPanel’s File Manager
Imagine the File Manager as your website’s backstage, where you manage files and folders. Here’s how you can disable directory browsing:
1. Log in to your cPanel account. Learn how to access your MCloud9 cPanel account.
2. Open the File Manager. It’s usually under the ‘Files’ section.
3. Navigate to the ‘public_html’ directory (this is where your website files are stored).
4. Find the folder you want to secure. Right-click on it and select ‘Change Permissions’.
5. Set permissions to 750 or 700 and save. After changing the permissions by checking/unchecking the option boxes, save the changes by selecting the ‘Change Permissions‘ button.
This restricts access to the folder, prohibiting directory browsing.
Option 3: Manually Creating Index Files To Prevent Directory Listing
Creating index files serves as an added layer of security. Here’s how you do it:
1. Open the File Manager in your cPanel dashboard.
2. Go to to the folder you want to protect.
3. Create an index file. You can do this by creating a new index.html or index.php file in the directory or uploading one into the directory.
4. Ensure the file is empty or has a redirect. This file will now be the default page people see, securing your directory contents from prying eyes.
5. (Optional) Edit the Index File: You can display a custom message to visitors when trying to access the folder. Simply right-click on the newly created/uploaded file and select ‘Edit.’ No need to worry; you won’t need to be a coding whiz. A simple tag like <h1>Access Denied</h1> will do the trick. Save it, and you’re done!
Voila! You’ve placed a digital “Do Not Disturb” sign on your directories, effectively deterring unwanted access.
Option 4: Configuring .htaccess To Turn off Directory Listing
The steps to disable directory listing through the .htaccess file involve creating or editing the .htaccess file in the root directory of your website and adding the necessary code to forbid directory indexing. This ensures that directory listing is turned off for the entire site or specified directory.
1. Go to the File Manager via cPanel. If you host with MCloud9 you can view our easy guide to accessing your cPanel account.
2. Browse to the directory you want to secure.
3. Locate the ‘.htaccess’ file, right-click and choose ‘Edit.‘ If the file doesn’t exist, create one by selecting the ‘+ File’ option from the top toolbar (on the right) and naming it ‘.htaccess’ (make sure to include the period at the beginning).
4. Insert the following code and click ‘Save Changes’:
Options -Indexes
This simple line commands the server to disable directory listing for the current directory and all subdirectories.
Checking Directory Listing Status
Curious to see if your changes took effect?
It’s easy, simply attempt to access a folder that once displayed its directory contents, you should now encounter either a ‘Page Not Found‘, ‘Access Denied‘, or a ‘Forbidden‘ error message.
FAQ for Disabling Directory Listings
What does it mean to disable directory listing in cPanel?
Disabling directory listing means that when a user goes to a directory on your website where there is no index file (e.g., index.html, index.php), instead of displaying a list of the contents of the directory, a “forbidden” or “not found” error message will appear.
Can I disable directory listing globally for my entire website in cPanel?
Yes, you can disable directory listing globally for your website by using the .htaccess file. By adding a specific line of code to the .htaccess file, you can turn off directory indexing for the entire website.
I am using WordPress, how can I disable directory listing in cPanel?
If you are using WordPress, you can disable directory listing in cPanel by adding the appropriate code to the .htaccess file. This can be done through the file manager in the cPanel or by using an FTP client to access the files.
What if I do not have access to the .htaccess file?
If you don’t have access to the .htaccess file, you may need to contact your web hosting service provider to apply the necessary changes or utilise the alternative methods mentioned in the article to achieve this.
In Conclusion
Congratulations! You’ve taken a significant move in fortifying your website’s security by learning how to disable directory listing in your cPanel. Now, when visitors try to peek into your website’s folders, they’ll encounter an impenetrable fortress rather than an open gateway.
By implementing the steps outlined in this tutorial, you’ve safeguarded your content from prying eyes, ensuring that only authorised individuals can access specific directories. At MCloud9, we understand the paramount importance of web security in fostering a trustworthy online presence.
For further insights or assistance in web hosting, security, or any other digital endeavours, MCloud9 stands ready as your reliable partner in navigating the complexities of the online realm.