So I wanted to block directory browsing for my site to avoid visitors from seeing all my files and folders. I found numerous places online that suggested adding the following text to the .htaccess file: “Options -Indexes” or “Options All-Indexes”. I added this to the .htaccess file and uploaded it. And it worked! Sort of.
Now, when I typed the address for a directory (http://mywpsite.com/junk) I get forwarded to my host’s 404 page (http://error404.000webhost.com/?), rather than my own 404 page. This is almost as bad as the original situation, because now I’m moving visitors away from my site completely!
I kept searching for answers and saw that another option was to put a blank index.html file in the folders/directories I want to block. This seemed like maybe it isn’t as secure as the previous solution, but still seemed like it would do the trick. I created this file and uploaded it, and changed “Options -Indexes” to “Options +Indexes” in my .htaccess file. Now I’m getting my custom index.html page (after some hand-wringing and cookie clearing during which my entire site disappeared).
What I want to know is how I can both block directory browsing and redirect visitors to my custom page. Is my current solution secure enough? Is the forced redirect a quirk of my (free) host, or will that happen regardless of the host I use? I want to make sure my visitors get a smooth, unified experience, but I also want to make sure my site is secure.