Hi,
I’ve just deployed a Bedrock site using github actions (not trellis) and noticed that you can go to domain.com/app or domain/wp/wp-content/ and see an index of all the files and directories on the server.
All the source files are exposed.
How do you block access to directories and files?
That depends on the configuration of the server you’re deploying to, it’s not something Bedrock can directly control.