Use .htaccess to Stop People From Viewing Files in a Directory.
Open the directory with your favorite FTP client – unless you’re local and can just navigate to the directory.
Add a file called .htaccess. The ‘.’ is important and mandatory.
The permissions for .htaccess should be 644.
Edit the .htaccess file with a plain-text editor (don’t use a word-processor application) and add the following line:
Save the file.
What this will do is prevent indexing the files in the folder. If people try to access the folder directly, they’ll get a 403 forbidden error.
At the same time, you can still link directly to files in that folder.
So, let’s say you added the .htaccess to a directory called /tmp. You can still link to, use, and send people to /tmp/picture.jpg like normal, but people won’t be able to browse the directory and find files you don’t want them to see.
For more information, click this.