diff --git a/core/Filesystem.php b/core/Filesystem.php
index 585246a0cda45e56fbfe4067eb2d8d480414c957..3cd045bd8aaf6de1c756a847e9ed10bd0c6259fb 100644
--- a/core/Filesystem.php
+++ b/core/Filesystem.php
@@ -10,6 +10,7 @@ namespace Piwik;
 
 use Exception;
 use Piwik\Container\StaticContainer;
+use Piwik\Plugins\Installation\ServerFilesGenerator;
 use Piwik\Tracker\Cache as TrackerCache;
 use Piwik\Cache as PiwikCache;
 
@@ -30,6 +31,7 @@ class Filesystem
         TrackerCache::deleteTrackerCache();
         PiwikCache::flushAll();
         self::clearPhpCaches();
+        ServerFilesGenerator::createFilesForSecurity();
     }
 
     /**
diff --git a/plugins/Installation/ServerFilesGenerator.php b/plugins/Installation/ServerFilesGenerator.php
index 91ada4e2ec93fcd0f3fb5db00b7e5097d9ddd66c..c3eab335f6e03c2ca5c39d8f57805d0597645deb 100644
--- a/plugins/Installation/ServerFilesGenerator.php
+++ b/plugins/Installation/ServerFilesGenerator.php
@@ -34,10 +34,12 @@ class ServerFilesGenerator
         $allow = self::getAllowHtaccessContent();
 
         // more selective allow/deny filters
+        $noDirectoryListing = "Options -Indexes\n";
+
         $allowAny =
             "# Allow any file in this directory\n" .
             "<Files \"*\">\n" .
-                $allow . "\n" .
+            $allow . "\n" .
             "</Files>\n";
 
         $allowStaticAssets =
@@ -49,15 +51,15 @@ class ServerFilesGenerator
 
             "# Allow to serve static files which are safe\n" .
             "<Files ~ \"\\.(gif|ico|jpg|png|svg|js|css|htm|html|swf|mp3|mp4|wav|ogg|avi|ttf|eot|woff|woff2|json)$\">\n" .
-                 $allow . "\n" .
+            $allow . "\n" .
             "</Files>\n";
 
         $directoriesToProtect = array(
-            '/js'        => $allowAny,
-            '/libs'      => $denyAll . $allowStaticAssets,
-            '/vendor'    => $denyAll . $allowStaticAssets,
-            '/plugins'   => $denyAll . $allowStaticAssets,
-            '/misc/user' => $denyAll . $allowStaticAssets,
+            '/js'        => $allowAny . $noDirectoryListing,
+            '/libs'      => $denyAll . $allowStaticAssets . $noDirectoryListing,
+            '/vendor'    => $denyAll . $allowStaticAssets . $noDirectoryListing,
+            '/plugins'   => $denyAll . $allowStaticAssets . $noDirectoryListing,
+            '/misc/user' => $denyAll . $allowStaticAssets . $noDirectoryListing,
         );
         foreach ($directoriesToProtect as $directoryToProtect => $content) {
             self::createHtAccess(PIWIK_INCLUDE_PATH . $directoryToProtect, $overwrite = true, $content);
@@ -65,10 +67,10 @@ class ServerFilesGenerator
 
         // deny access to these folders
         $directoriesToProtect = array(
-            '/config' => $denyAll,
-            '/core' => $denyAll,
-            '/lang' => $denyAll,
-            '/tmp' => $denyAll,
+            '/config' => $denyAll . $noDirectoryListing,
+            '/core' => $denyAll . $noDirectoryListing,
+            '/lang' => $denyAll . $noDirectoryListing,
+            '/tmp' => $denyAll . $noDirectoryListing,
         );
         foreach ($directoriesToProtect as $directoryToProtect => $content) {
             self::createHtAccess(PIWIK_INCLUDE_PATH . $directoryToProtect, $overwrite = true, $content);