Several hacking techniques may need an open directory to be accessed in order to hack a website. For example my friend Selena from Spain, her website just been hacked recently by someone and down for a while.
Her wp-includes directory is accessible easily without any security and maybe another directory she have also accessible and vulnerable. You can also check your site vulnerability by accessing this URL: http://www.your-site.com/wp-includes or http://www.your-site.com/wp-content/uploads.
When you access that directory, you may see a page like the screenshot above. The question now is, how to securing that page?
If you asked me about it, i want to say if it is pretty simple. You can upload a file named index.php and put this code into it:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html> <head> <meta http-equiv="REFRESH" content="0;url=http://www.your-website.com/"></HEAD> <BODY> </BODY> </HTML>
Before you save the file, make sure if you already modify the content value into your website URL.
Once you done with it, you can upload the file via FTP to any vulnerable directory you have. This file will send the hacker into the URL you set at this file. So, there will be no longer vulnerable directory 🙂 .