Protecting the critical Joomla files from being accessed directly over the web is an essential aspect of your website’s security.
Add this code to your .htaccess file in order to protect your Joomla’s configuration.php file and your .htaccess file from direct access via web
Deny from all
deny from all
This will restrict the access to configuration.php and .htaccess files.