How can I turn off directory indexing?

General | Updated 2026

If visitors can browse a list of files in your directories by going to a URL like yourdomain.com/images/, directory indexing is enabled. This is a security risk because it exposes your file structure. Here is how to disable it.

Quick Fix

Add one line to .htaccess

Add this line to your .htaccess file in public_html:
Options -Indexes
This tells Apache to return a 403 Forbidden error instead of showing a file listing when no index file exists in a directory.

01. Disable via .htaccess

Open or create the .htaccess file in your public_html directory and add:

Options -Indexes

This applies to all subdirectories as well. If a directory does not contain an index.html or index.php file, visitors will see a 403 error instead of a file listing.

02. Disable via cPanel

  1. Log into cPanel at my.ultrawebhosting.com
  2. Go to Advanced > Indexes
  3. Navigate to the directory you want to protect
  4. Select "No Indexing"
  5. Click Save

03. Why This Matters

When directory indexing is enabled, anyone can see the names and sizes of all files in that directory. This can expose backup files, configuration files, uploaded documents, or other content that should not be publicly visible. It also gives attackers a map of your file structure.

Tip

As an extra precaution, place an empty index.html file in any directory that should not be browsable (like /uploads/ or /includes/). Even if someone removes the Options -Indexes directive, the empty index file will show a blank page instead of a file listing.

For more on securing your .htaccess configuration, see the Complete Guide to .htaccess.

Need Help Securing Your Site?

Our support team can review your site's security configuration and help lock down exposed directories.

Open a Support Ticket

Quick Recap

  1. Add Options -Indexes to .htaccess - Disables file listings
  2. Or use cPanel > Advanced > Indexes
  3. Applies to all subdirectories below the .htaccess file
  4. Visitors see 403 Forbidden instead of a file list
  5. Place empty index.html files in sensitive directories as an extra layer

Securing your website directories · Last updated March 2026 · Browse all General articles

  • 460 Users Found This Useful

Was this answer helpful?

Related Articles

osCommerce password reset

General | Updated 2026 If you have lost your osCommerce admin password and cannot log into...

html or htm parsed as shtml not working

General | Updated 2026 If you have configured your server to parse .html or .htm files as...

Set CORS Header to Allow Access for Any Incoming Domain

Redirect | Updated March 2026 Quick Answer To allow any domain to access your resources,...

Reseller: Unable to find an IP address in when creating an account

General | Updated 2026 The "Unable to find an IP address" error in WHM occurs when trying to...

Do you support TeamSpeak?

Not Supported | 2026 Not Available on Shared Hosting TeamSpeak requires a persistent...



Save 30% on web hosting - Use coupon code Hosting30