In my former life, I had a directory inside my Web Root called config, and inside that directory had a .htaccess file with this code...
deny from all
My understanding was that code would prevent someone from accessing/opening any files in my config directory.
Since then, I have eliminated that folder, and moved my config.php file outside of the Web Root to a directory called outside_web_root.
Does having a .htaccess file - with that same code - in my new outside_web_root directory serve any purpose now?? :-/
The goal being that I want to make it as difficult as possible for hackers to go where they shouldn't!!
Hope that makes sense?!