By default, everybody has access to an .htaccess file's contents. Due to the fact that it exposes web site configuration data, this could be a security issue. It is a good practice to restrict access to .htaccess files for security reasons.
To do this, add the following directives to the .htaccess file:
# Prevent Apache from serving .htaccess files: <FilesMatch ".htaccess"> Order allow, deny Deny from all </FilesMatch>
Now, when users attempt to view the .htaccess file directly, their web browsers display a '403 Forbidden' message.