How to Deny Access to Hidden Files and Directories

Hidden files and directories (those whose names start with a dot .) should most, if not all, of the time be secured. For example: .htaccess, .htpasswd, .git, .hg

RewriteCond %{SCRIPT_FILENAME} -d [OR]

RewriteCond %{SCRIPT_FILENAME} -f

RewriteRule "(^|/)\." - [F]

Alternatively, you can just raise a ‘Not Found’ error, giving the attacker no clue:

RedirectMatch 404 /\..*$

How to Deny Access to Hidden Files and Directories

Table Of Contents