Protecting the critical Joomla files from being accessed directly over the web is an essential aspect of your website’s security.
Add this code to your .htaccess file in order to protect your Joomla’s configuration.php file and your .htaccess file from direct access via web
+++++
<FilesMatch “configuration.php”>
Order allow,deny
Deny from all
</FilesMatch>
<Files .htaccess>
order allow,deny
deny from all
</Files>
++++
This will restrict the access to configuration.php and .htaccess files.