If someone goes to a directory in my website without a index.php on a browser, he can view all of the files in that directory.
Are there ways to prevent this? (other than adding a index.php)
The easiest way to do this is to edit the .htaccess in the root directory of your website. Add
to the file. This will disable directory listing in every directory of your website.
This returns a 404 page right? Thanks.
Turning off directory listing will cause a 403 unauthorized to be returned.