When it comes to improving the security of your WordPress website, it is always recommended to prevent outside visitors from browsing your WordPress directory files. It is very simple to do using the .htaccess file in the WordPress root directory.
Copy and paste the line below to the top of your .htaccess file
This simple line will prevent visitors from seeing a list of available files in your WordPress directory.
The .htaccess file is located at the root of your WordPress install (shown below).