Title: WP-includes Protection Last modified: June 28, 2018 --- # WP-includes Protection * Resolved [Briana2014](https://wordpress.org/support/users/briana2014/) * (@briana2014) * [7 years, 10 months ago](https://wordpress.org/support/topic/wp-includes-protection/) * Hi, Would you please show me where in your plugin I can find the option to protect my WP-includes files? I’ve protected all other files, but I cannot find the one for protecting my WP-includes as this is extremely crucial to protect. * Thanks so much Viewing 3 replies - 1 through 3 (of 3 total) * Plugin Author [gioni](https://wordpress.org/support/users/gioni/) * (@gioni) * [7 years, 10 months ago](https://wordpress.org/support/topic/wp-includes-protection/#post-10450156) * Hi! * What do you mean by “protecting my WP-includes”? Cerber Security Scanner allows you to monitor files for changes and scan the wp-includes folder for malware. * Thread Starter [Briana2014](https://wordpress.org/support/users/briana2014/) * (@briana2014) * [7 years, 10 months ago](https://wordpress.org/support/topic/wp-includes-protection/#post-10451180) * Hi Gioni, What I mean is that I’ve seen people (my analytics) accessing these files in my server and not sure why is so easy to access them and see everything in my wp-includes files. Is this normal and safe for anyone just to type the url path to that folder and look around? If is safe and no harm can come from it, then disregard my initial post. * If is not normal nor safe, then please advice on how to go about protecting these files from being accessed so EASY. * Thanks again for your plugin, is awesome! * Plugin Author [gioni](https://wordpress.org/support/users/gioni/) * (@gioni) * [7 years, 10 months ago](https://wordpress.org/support/topic/wp-includes-protection/#post-10452642) * Unless they are able to delete them, it’s safe because everyone knows what files resides in the wp-includes folder. But, having the ability to view directory listing (browse files) means your web server is not properly configured. For security reasons it’s advised to disable this built-in feature (a module) in the server configuration file. * The easiest way is to add the following string to the .htaccess file that is located in the root folder of your WP installation. * `Options -Indexes` * In a rare case it might lead to an server error when you try to visit home page of the website. In this case you need to delete the string and modify the server configuration file instead. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘WP-includes Protection’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/wp-cerber_77a9bf.svg) * [WP Cerber Security, Anti-spam & Malware Scan](https://wordpress.org/plugins/wp-cerber/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-cerber/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-cerber/) * [Active Topics](https://wordpress.org/support/plugin/wp-cerber/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-cerber/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-cerber/reviews/) * 3 replies * 2 participants * Last reply from: [gioni](https://wordpress.org/support/users/gioni/) * Last activity: [7 years, 10 months ago](https://wordpress.org/support/topic/wp-includes-protection/#post-10452642) * Status: resolved