How can I turn off directory indexing?

General | Updated 2026

If visitors can browse a list of files in your directories by going to a URL like yourdomain.com/images/, directory indexing is enabled. This is a security risk because it exposes your file structure. Here is how to disable it.

Quick Fix

Add one line to .htaccess

Add this line to your .htaccess file in public_html:
Options -Indexes
This tells Apache to return a 403 Forbidden error instead of showing a file listing when no index file exists in a directory.

01. Disable via .htaccess

Open or create the .htaccess file in your public_html directory and add:

Options -Indexes

This applies to all subdirectories as well. If a directory does not contain an index.html or index.php file, visitors will see a 403 error instead of a file listing.

02. Disable via cPanel

  1. Log into cPanel at my.ultrawebhosting.com
  2. Go to Advanced > Indexes
  3. Navigate to the directory you want to protect
  4. Select "No Indexing"
  5. Click Save

03. Why This Matters

When directory indexing is enabled, anyone can see the names and sizes of all files in that directory. This can expose backup files, configuration files, uploaded documents, or other content that should not be publicly visible. It also gives attackers a map of your file structure.

Tip

As an extra precaution, place an empty index.html file in any directory that should not be browsable (like /uploads/ or /includes/). Even if someone removes the Options -Indexes directive, the empty index file will show a blank page instead of a file listing.

For more on securing your .htaccess configuration, see the Complete Guide to .htaccess.

Need Help Securing Your Site?

Our support team can review your site's security configuration and help lock down exposed directories.

Open a Support Ticket

Quick Recap

  1. Add Options -Indexes to .htaccess - Disables file listings
  2. Or use cPanel > Advanced > Indexes
  3. Applies to all subdirectories below the .htaccess file
  4. Visitors see 403 Forbidden instead of a file list
  5. Place empty index.html files in sensitive directories as an extra layer

Securing your website directories · Last updated March 2026 · Browse all General articles

  • 460 Users Found This Useful

Was this answer helpful?

Related Articles

How to Password Protect a Directory

General | Updated March 2026 You can password-protect any directory on your website so that...

My index page does not load - Why not?

General | Updated 2026 If your domain loads a directory listing, a default server page, or a...

Lightweight Browser for Older and Slower Computers

General | Updated 2026 If your computer is older or running on limited hardware, modern...

How to Pass Variables Between HTML Pages

General | Updated March 2026 Plain HTML files cannot pass variables between pages on their...

SSL - Creating a CSR in Windows 2003

Obsolete Technology | 2026 This Guide Is Outdated Windows Server 2003 reached end-of-life...



Save 30% on web hosting - Use coupon code Hosting30