For security purposes, it's highly recommended to disable directory browsing on your website. If left enabled, directory browsing can allow visitors—or malicious users—to see the contents of directories that don’t have an index file, potentially exposing sensitive files or revealing the structure of your site.
Note: Disabling directory browsing is a standard security best practice. However, in some specific use cases—such as development environments, publicly accessible file repositories, or certain media sharing directories—you may intentionally want it enabled. Always consider the purpose of the directory and who should have access to it.
Step 1. Log in to your cPanel account.
Step 2. Open the File Manager located in the Files section.
Step 3. Navigate to the public_html folder or the specific directory you want to protect.
Step 4. Locate and edit your .htaccess file. If the file isn’t visible, click on Settings in the top-right and check Show Hidden Files (dotfiles).
Step 5. Add the following line to the file and save your changes:
Options -Indexes
Once saved, visitors will receive a “403 Forbidden” error when trying to access any directory that doesn’t have an index file.
Disabling directory browsing adds a layer of security by preventing users from snooping around your site’s structure or accessing unintended files. It's especially important for shared hosting environments and production websites.