I had created a subdomain to route to the WordPress login on one of my sites, in order to make it easier to find the login page later on after I removed the link from the home page. However, created the subdomain created two things: a subdirectory within the WordPress install directory, and made it browsable. So if I plugged in www.mydomain.com/login, a browsable index page came up. Since this sort of behavior opens up the website to malicious visitors, I had to find a way to plug up the hole.
Fortunately, there was already an answer out there to the solution. Because I installed WordPress into its own directory, and not the root, I merely had to make some adjustments to the .htaccess files.
For both files located at the WordPress root and the login folder root, I just needed to add the following lines at the end of each file:
# BEGIN Disable Dir Browsing
Options All -Indexes
# END Disable Dir Browsing
I believe this code can be applied to any directory that needs its contents hidden from browsing, as long as an .htaccess file exists.