There are a few ways to prevent access to sub-directories of your website.
Create an empty file with name index.html or index.php in that directory. Visitors trying to access that directory will see a browser with nothing.
Create .htaccess in that subdirectory with just one line:
deny from all