You can also configure your server so that directory indexes are turned off, and files in the directory are not listed. To get to the file, the visitor would have to guess the name. They can probably guess all the locations.
On an Apache server, you can add this to a .htaccess file and put it /wp-content/uploads/ or /wp-content/ or even / if you want to turn off directory indexes across the whole site. This will work if the server allows this type of override in at .htaccess file. In any case, this is what to put in the .htaccess file (note the leading dot):
At least that way the directory of files is not listed. There's normally no reason to have directory indexes turn on in a WordPress installation. And you can always override this rule to make the server show indexes for specific directories.
This works if you are using Apache on Linux and the server is configured to allow this sort of override in the .htaccess file. If you get a "500 Internal Server Error" (white screen) after adding this rule to you .htaccess file, the server probably does not allow it and this will not work for you.
Posted 11 years ago on Sunday February 27, 2011 | Permalink