Comment on WordPress 301 Redirects Tutorial by SEO Gold Services.
Assuming you run on an Apache server it’s having something like:
Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch
Into your httpd.conf file for each domain on a server, this would make no directories that lack an index.html, index.php etc… show what’s in them.
If you know how to edit the httpd.conf file you’ll be looking for instances of something like this to change:
Options Indexes IncludesNOEXEC +SymLinksIfOwnerMatch
Another way is create an index.php file and add this to it:
// Silence is golden.
Upload this to any folder you want ‘hidden’, first check there isn’t a index.php file in the directory.
Users now get a blank webpage where ever you upload index.php to. I use this file in Stallion Responsive, load any of the Stallion Responsive folders in a browser like : https://stallion-theme.co.uk/wp-content/themes/stallion-responsive/widgets/
And it’s a white page, simple and effective, stops your visitors snooping inside your themes files and stops Google inadvertently easily spidering and indexing anything in the Stallion Responsive directories that shouldn’t be indexed. I don’t understand why WordPress by default doesn’t do this, doesn’t make any sense to allow users and search engines to see what’s inside /wp-includes/!
I’m not sure if every time you auto update WordPress /wp-admin/ and /wp-includes/ are deleted, if so if you want these hidden you’d have to upload the .htaccess file or the index.php file again after each update.
Best solution is the server side one, but can be beyond a lot of webmasters to edit the httpd.conf file. You might have a setting under your control panel, I use the control panel Virtualmin and I couldn’t find an option so added the code manually which on my servers is under “/etc/httpd/conf/httpd.conf“.