A directory listing allows website visitors to view all files in a directory when there is no index file (like index.html or index.php). While it may seem harmless, leaving directory listings enabled can expose sensitive files, your site’s structure, or scripts, potentially creating security vulnerabilities. The cPanel dashboard in your Domains.co.za Web Hosting plan makes it easy to disable directory browsing for your site and take control of your website’s privacy in just a few clicks.

How to Disable Directory Listing in cPanel

Follow these simple steps to hide directory listings from public view:

1. Login to your Domains.co.za account.

2. Click on Manage Services on the left-hand side and select Web Hosting from the drop-down menu.

3. Click Manage next to your website’s domain name.

4. Next, click the Login button next to Control Panel to access your cPanel dashboard.

5. Scroll down to the Advanced section and click Indexes.

6. Navigate to the directory you want to manage. You can also click through folders to find subdirectories if needed.

7. Click the folder name to edit its index settings.

8. Select the No Indexing option. This disables directory listings for that folder.

9. Click Save to apply your changes.

Additional Information

What is a Directory Listing?

A directory listing occurs when a user attempts to access a directory on a web server that doesn’t contain a default index file (such as index.html). Instead of seeing a normal webpage, you see a list of all the files and folders stored there, including file names, sizes, and last modification dates.

Knowing how to disable these listings is important for website security for several reasons:

• Without an index file, anyone can browse through your directories and discover files such as backups, configuration files, scripts, databases, and others that should not be publicly accessible, potentially leading to data breaches.
• By hiding your file structure, you make it harder for hackers or bots to map out your website’s vulnerabilities and identify potential targets for attacks.
• An unformatted list of files can look unprofessional and confusing to visitors. Disabling directory listings ensures your website looks polished and provides a better user experience.
• Many automated tools and bots actively scan for open directory listings to find exploits. Disabling this feature reduces the chance of your website’s internal structure being exposed.

Best Practices for Managing Directories

The easiest and most effective way to manage directory indexing is to disable it at your website’s root directory. This setting usually applies to all subdirectories unless specifically overridden. You can do this through the Index Manager in your control panel or by adding a line of code to your .htaccess file.

When someone tries to access a directory where indexing is disabled, they’ll usually see a 403 Forbidden error. You can create a custom 403 page to display a more user-friendly message or redirect them to another page.

Remember that each folder can have its own indexing setting. While disabling indexing site-wide is a good start, you might need to adjust settings for specific subfolders if they have different requirements.

The most secure approach is to always upload an index.html file to any directory intended for public browsing. This ensures visitors see the webpage they are meant to, instead of a list of files. Also, make sure you disable indexing for any directory that is not meant to be browsed by visitors.

Most WordPress sites won’t need this if using proper index.php files. Still, it’s a good layer of defence to have in place.