In Apache HTTPD server normally when you have no index or default page in a directory, a visitor may be served with a full list of files in that the directory.在Apache的httpd服务器通常当您有没有索引或默认页在一个目录,访问者可送达的完整清单,档案在该目录中。 This could pose a serious security risk.这可能构成严重的安全风险。 It also exposes your files to the world at large, allowing them to be indexed by search engines and at the least pose privacy risk.它也暴露了您的档案,以世界上的大,使他们能够建立索引的搜索引擎,并在至少构成隐私的风险。 There are well known Google hacks which exploit this feature.有著名的Google黑客攻击,其中利用此功能。 To stop default directory listing, add this to the htaccess file.停止默认的目录列表,添加此向htaccess的文件。

Options -Indexes 选择指标

This turns off index listing in the directory and all sub-directories under it.这将关闭指数上市,在目录及所有分目录下。

Note: In many web servers, directory listing may be turned off by default.注:在许多Web服务器,目录列表,可关掉默认情况下。

One of the vulnerable folder in wordpress is wp-content.其中一个最脆弱的文件夹在WordPress是可湿性粉剂内容。 If you have a WordPress blog, check there to ensure that its content are not listed.如果您有一个WordPress所博客,有检查,以确保其内容没有列出。