I want to know for security purpose that my files directory is directly web access or not. I put “Options -Indexes” this code in .htaccess file. Now directory browsing is disabled, if anyone wants to access directory it shows “Forbidden You don’t have permission to access /plugins/ on this server.”.
It is easier to by setting proper permissions and ownership. It is the best if it is out of public_html folder and that permissions are defined in a way that does not allow direct web access.
There are several posts in forum about that topic. I Think that search with search words: permissions, folder, files shoudl give you a plenty of forum discussions on the topic.