Saturday, October 12, 2019

How To Disable cgi-bin Folder On Your Website

While trying to lock down a WordPress site that keeps getting attacked, I realized that the /cgi-bin folder was being exploited when I found an index.php file in it.

In fancy security operations lingo, the cgi-bin folder was an "attack vector" for the WordPress exploits the site was experiencing.

So, in order to reduce the risk of forgetting to check that folder for files in the future, I wanted to just get rid of it entirely. cPanel doesn't have a "disable the cgi-bin folder" option, but I realized the solution is even simpler:

If you don't use the cgi-bin folder, just delete it!

Use your FTP program, cPanel or whichever method you use to manage your site files and say sayonara to it.
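
If you have shell access, here is one way to do the deletion, written as an added example that is not part of the original post: it lists and archives anything found in cgi-bin (such as the index.php mentioned above) before removing the folder, so there is still something to review afterwards. The function name, the quarantine directory and the paths in the usage comment are assumptions; adjust them to your account.

```shell
#!/bin/sh
# Added example, not from the original post. All paths are placeholders.
# Usage: retire_cgi_bin /home/USER/public_html /home/USER/cgi-bin-quarantine
# Returns 0 if cgi-bin was absent or empty, 1 if entries were found (and
# archived before removal), 2 if it refused to touch anything.
retire_cgi_bin() {
    docroot=$1
    quarantine=$2
    target="$docroot/cgi-bin"

    if [ -z "$docroot" ] || [ -z "$quarantine" ]; then
        echo "usage: retire_cgi_bin DOCROOT QUARANTINE_DIR" >&2
        return 2
    fi
    # A symlinked cgi-bin could point outside the site; leave it for a human.
    if [ -L "$target" ]; then
        echo "refusing: $target is a symlink" >&2
        return 2
    fi
    [ -d "$target" ] || return 0    # already gone, nothing to do

    # Count everything that is not a plain directory (files, links, ...).
    count=$(find "$target" ! -type d | wc -l | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        # Show name, size and mtime, then keep a copy outside the web root.
        echo "found $count entr(ies) in $target:" >&2
        find "$target" ! -type d -exec ls -l {} + >&2
        mkdir -p "$quarantine" || return 2
        archive="$quarantine/cgi-bin-$(date +%Y%m%dT%H%M%S).tar"
        tar -cf "$archive" -C "$docroot" cgi-bin || return 2
        chmod 600 "$archive"
    fi

    rm -rf -- "$target"
    if [ "$count" -gt 0 ]; then return 1; fi
    return 0
}
```

A return value of 1 means the folder was not empty, so the archived files and their timestamps are worth looking at before you move on.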