How to prevent visitors from viewing .htaccess and .htpasswd files

Hide .htaccess files by denying browsers access to them
Every .htaccess file on any web server contains sensitive data. If .htaccess files are not protected by default, anyone can access them. To check, type http://www.site.com/.htaccess into your browser: if this restriction is in place, you'll get a 403 Forbidden error.


How to prevent visitors from viewing .htaccess and .htpasswd files
Place the following lines in your Apache config file (/etc/httpd/httpd.conf on Linux or /usr/local/etc/apache/httpd.conf on FreeBSD) if you have access to it, or in your .htaccess file:

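# Match file names that start with ".ht" (the dot is escaped so it is taken literally)
<Files ~ "^\.ht">
    # Apache 2.2 access-control syntax; on Apache 2.4 the equivalent is "Require all denied"
    Order allow,deny
    Deny from all
    Satisfy All
</Files>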

This will prevent your website visitors from viewing any files starting with ".ht" (.htaccess and .htpasswd).
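
To review a configuration for this rule, the following added example (not part of the original post) reads Apache config text, reports whether .htaccess and .htpasswd are covered by a denying `<Files>` or `<FilesMatch>` block, and flags a pattern that also matches ordinary file names, as an unescaped dot does. It assumes any block containing `Deny from all` or `Require all denied` denies access; the sample configs and probe file names are constructed.

```python
import fnmatch
import re

SENSITIVE = (".htaccess", ".htpasswd")
# Constructed ordinary file names; a rule that matches them is too broad.
PROBES = ("shtml-help.txt", "ahtest.html")

BLOCK_RE = re.compile(
    r'<(Files|FilesMatch)\s+(~\s*)?"?([^">]+)"?\s*>(.*?)</\1>',
    re.IGNORECASE | re.DOTALL)
DENY_RE = re.compile(
    r"^[ \t]*(Deny\s+from\s+all|Require\s+all\s+denied)[ \t]*$",
    re.IGNORECASE | re.MULTILINE)

def _matcher(tag, tilde, pattern):
    """Build a file name predicate for one <Files>/<FilesMatch> argument."""
    if tag.lower() == "filesmatch" or tilde:
        rx = re.compile(pattern)  # regex form: <Files ~ "..."> or <FilesMatch>
        return lambda name: rx.search(name) is not None
    return lambda name: fnmatch.fnmatchcase(name, pattern)  # wildcard form

def audit(conf):
    """Return ({file: denied?}, [patterns that also hit ordinary files])."""
    denied = {name: False for name in SENSITIVE}
    too_broad = []
    for tag, tilde, pattern, body in BLOCK_RE.findall(conf):
        if not DENY_RE.search(body):
            continue  # block does not deny access, so it protects nothing
        match = _matcher(tag, tilde, pattern)
        for name in SENSITIVE:
            denied[name] = denied[name] or match(name)
        if any(match(p) for p in PROBES):
            too_broad.append(pattern)
    return denied, too_broad

# Constructed sample configurations.
ESCAPED = r'''<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>'''
UNESCAPED = ESCAPED.replace(r"\.", ".")  # same rule with the dot left unescaped
ONE_FILE = '<Files ".htaccess">\n    Require all denied\n</Files>'

if __name__ == "__main__":
    for label, conf in (("escaped", ESCAPED), ("unescaped", UNESCAPED),
                        ("one file", ONE_FILE)):
        print(label, audit(conf))
```

The check does not model later directives that override a block, so confirm the result against the running server as well.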
