By default when your web server does not find an index file (i.e. a file like index.php or index.html), it automatically displays an index page showing the contents of the directory. This could make your site vulnerable to hack attacks by revealing important information needed to exploit a vulnerability in a WordPress plugin, theme, or your server in general. In this article, we will show you how to disable directory browsing in WordPress.
Directory browsing can be used by hackers to find out if you have any files with known vulnerabilities, so they can take advantage of these files to gain access. For the comprehensive security of our sites, we use Sucuri for WordPress security. They have a simple dashboard which allows us to do this and perform many other WordPress security strengthening steps with in few clicks.
Directory browsing can also be used by other people to look into your files, copy images, find out your directory structure, and other information. This is why it is highly recommended that you turn off directory indexing and browsing.
If you don’t like the video or need more instructions, then continue reading.
To disable directory browsing in WordPress all you need to do is add a single line of code in your WordPress site’s
.htaccess file located in the root directory of your website. To edit the
.htaccess file you need to connect to your website using an FTP client.
Once connected to your website, you will find a
.htaccess file in your site’s root directory.
.htaccess is a hidden file, and if you can not find it on your server, you need to make sure that you have enabled your FTP client to show hidden files.
You can edit your
.htaccess file by downloading it to your desktop and opening it in a text editor like Notepad. Now at the end of your WordPress generated code in the
.htaccess file simply add this line at the bottom:
Now save your
.htaccess file and upload it back to your server using your FTP client. That’s all you need to do. Directory browsing is now disabled on your WordPress site and people trying to locate a directory index on your website will be redirected to WordPress 404 page.
For example, you’re running a mp3 site on wordpress and hosting audio files on your own server. By default when an user click on a mp3 file link, it automatically play the audio instead of downloading. This could make your site user annoying as he have to right click on the file and choose Save As to download it. In this article, we will show you how to Force Download of Mp3 files instead of Streaming without plugins.
You can disable this streaming feature in WordPress by add some lines of code in your WordPress site’s .htaccess file located in the root directory of your wordpress install. To edit the .htaccess file you need to login into your hosting and navigate to File Manager.
Once navigated to your file manager, you will find a .htaccess file in your site’s root directory. .htaccess is a hidden file by default, so if you can’t find it on your server, you need to make sure that you have enabled your file manager to show hidden files.
You can edit your .htaccess file by downloading it to your pc or code edit feature on your server. After open it at the end of your WordPress generated code in the .htaccess file simply add these lines at the bottom as shown in the image below:
Header set Content–Disposition attachment
You can change or add any other file type based on your need (example: pdf, mp4, doc)
Now save your .htaccess file. That’s all you need to do. Streaming feature is now disabled on your WordPress site and people can download mp3 files hosting on your blog by just click on it.
We hope this article will help you to learn How to force download after a click on the mp3 file link. For questions and feedback you can leave a comment below or join us on our forum.
So you want a single link to be in a different colour and if CSS is being stubborn then try this:
<a href=“http://www.ahmedv.com” style=“background-color: white; color: orange;”>your link text here</a>