In Apache HTTPD server normally when you have no index or default page in a directory, a visitor may be served with a full list of files in that the directory. This could pose a serious security risk. It also exposes your files to the world at large, allowing them to be indexed by search engines and at the least pose privacy risk. There are well known Google hacks which exploit this feature. To stop default directory listing, add this to the htaccess file.

Options -Indexes

This turns off index listing in the directory and all sub-directories under it.

Note: In many web servers, directory listing may be turned off by default.

One of the vulnerable folder in wordpress is wp-content. If you have a WordPress blog, check there to ensure that its content are not listed.