In the security notes, each of my pages has the following message: “MainWP Plugin will check if it’s possible to list /wp-content/, /wp-content/plugins/, /wp-content/themes/ and /wp-content/uploads/ directories. After fixing this issue, an empty index.php file will be inserted in each directory in order to prevent listing.”
Can someone explain this to me? What exactly is the point of uploading empty index.php files there? What listing are you talking about?
Placing an empty index.php file to prevent a directory listing is not related to specifically to MainWP but WordPress in general.
When you place an empty index.php file in the directory, the web server will serve that file (which is empty, so nothing gets displayed) instead of the directory listing.
While a lot of hosts have directory listing prevention by default nowadays, there are still some that do not do this.
So inserting the blank index.php file is the best practice. This is pretty common in the WP world.
If you feel like you don’t need this security check on your setup, you can unhook it by using the following code snippet by placing it to the PHP section in the Custom Dashboard extension: