Critical files, Let say configuration.php file for Joomla
1. Make a backup copy of your .htaccess file. Use your backup file to recover if the following fails. Be sure to delete the backup file once you are finished.
2. Add the following to your .htaccess file. This example will protect the configurtation.php file.
Deny from all
Most servers are configured so that directory browsing is not allowed, that is if people enter the URL to a directory that does not contain an index file they will not see the contents of the directory but will instead get an error message. If your site is not configured this way you can prevent directory browsing by adding this simple line to your .htaccess file:
If you can’t edit a certain file and give you an error message, you will need to change the owner for that file or folder.