WordPress is one of the most popular CMS with over 35% of internet website are build on WordPress CMS at this time of writing this post. There other CMS like Squarespace, Joomla, Drupal etc but use by only fewer sites. WordPress is far ahead as compared to its competitor. Previously WordPress users to create a blog or website But now WordPress core code changed a lot as well as the massive ecosystem of Plugins and theme, you can create any type of website with WordPress.
As WordPress is more popular CMS, therefore, it is the main target for a hacker. As per Sucuri WordPress accounted for 90 per cent of all hacked CMS sites in 2018. WordPress is very secure by default itself most of the security breach occurs due to the use of theme and plugin from unauthorized sources.
on WordPress Platform website security hardening means securing a website by reducing its surface of vulnerability. More use of theme and plugin, Showing directory or WordPress version provides a potential entry point to the hacker.
Security Risk involves in Showing Directory listing-:
By default most web servers like Apache, NGINX and LiteSpeed have directory browsing enabled. Directory listing provides a clear cut idea about your website structure to the hacker to find a weak section of your website. In my previous post, I have explained How to Disable Directory listing on a website hosted on Apache Server. Go to path http://yoursitename.com/wp-includes/ and replace yoursitename.com with your website URL.
if you see below snapshot which means directory list is enabled on your WordPress website. In this post, I will explain how to disable directory browsing on WordPress website hosted on LiteSpeed Server. LiteSpeed server is not free and open source like Apache.
What is LiteSpeed Server-:
LiteSpeed Web Server (LSWS) is compatible with commonly used Apache features including mod_rewrite, .htaccess, and mod_security. As a drop-in Apache alternative, LSWS can load Apache configuration files directly and can fully integrate with popular control panels, including cPanel, Plesk, DirectAdmin, CyberPanel and more.
How to Disable Directory Listing in WordPress Hosted on LiteSpeed Server-:
Similar to all other web servers we’ve covered so far, on the LiteSpeed webserver you can disable directory listing at both web server and website level. To disable directory listing at the server level, you can manually update the httpd_config.xml file. On the other hand, you can also do it by using the LiteSpeed server control panel.
As you can see from the code example in the screenshot above, if you want to disable directory listing at the server level, add the following line to the httpd_config.xml file:
If you want to enable or disable the directory listing at website level you need to follow the /VIRTUAL_HOST_ADI/conf/vhconf.xml path and make the relevant definitions for the file you access.
If you like my work, Please Share on Social Media! You can Follow WP knol on Facebook, Twitter, Pinterest, Quora and YouTube for latest updates. You may Subscribe to WP Knol Newsletter to get latest updates via Email. You May also Continue Reading my Recent Posts Which Might Interest You.