In Apache HTTPD server normally when you have no index or default page in a directory, a visitor may be served with a full list of files in that the directory.在Apache的httpd服務器通常當您有沒有索引或默認頁在一個目錄,訪問者可送達的完整清單,檔案在該目錄中。 This could pose a serious security risk.這可能構成嚴重的安全風險。 It also exposes your files to the world at large, allowing them to be indexed by search engines and at the least pose privacy risk.它也暴露了您的檔案,以世界上的大,使他們能夠建立索引的搜索引擎,並在至少構成隱私的風險。 There are well known Google hacks which exploit this feature.有著名的Google黑客攻擊,其中利用此功能。 To stop default directory listing, add this to the htaccess file.停止默認的目錄列表,添加此向htaccess的文件。

Options -Indexes 選擇指標

This turns off index listing in the directory and all sub-directories under it.這將關閉指數上市,在目錄及所有分目錄下。

Note: In many web servers, directory listing may be turned off by default.注:在許多Web服務器,目錄列表,可關掉默認情況下。

One of the vulnerable folder in wordpress is wp-content.其中一個最脆弱的文件夾在WordPress是可濕性粉劑內容。 If you have a WordPress blog, check there to ensure that its content are not listed.如果您有一個WordPress所博客,有檢查,以確保其內容沒有列出。