Index.php in uploads directory - Wordpress

Question

I have a plugin on a Wordpress site called WP Security, most of the stuff it does is easy to use and understandable, the changes it suggests like not have default 'WP_' prefix for databases etc.

One of the things it highlights is: The index.php file was not found in the uploads directory! You should create one in order to prevent directory listings.

So can anyone tell why preventing directory listings is good and do I need to put anything in the index file, and if so what code do I need to put in? Finally what is the importance of the index file in website I don't really get this part of web design? I have read it has to be there to make site visible to browsers but why is this, why can't browsers just use the URL with no index page?

Thanks for suggestions

Andrew

Answer 1

Yes, blocking directory index is a good idea in web apps. The index.* file is interpreted by web server instead of providing standard directory listing. Creating an empty index.* file is ony one (although the easiest and compatible with all(?) http servers) way of blocking users from viewing the contents of the directory. Another way is to configure webserver to not serve the directory index. In Apache this can be done in the .conf file with

Options -Indexes

in the <Directory> clause. Or you might tell apache to:

AllowOverride All

And create a .htaccess in the directory containing:

Options -Indexes

line.

Answer 2

Yes creating index.* file is really necessary to protect your asset as absence of index files shows whole directory structure and listed assets. Easiest way to create an index.php file with simple coding.