Restrict Access to Sensitive WordPress Files
The following directives will block outside access to any wp-config.php, php.ini, php5.ini, readme.html, and error_log file on your site. Just add this block of text to your .htacess file at the root of your WordPress website. Generally the .htaccess file is in the Public_HTML directory.
Deny from all