Prevent access to php.ini
If your php.cgi or php.ini files are in the risk to be accessed by someone through their web browser, you can limit their access by using .htaccess.
However, the option to edit the php.ini file is not offered by all the web hosting companies. It’s true, especially for shared hosting service providers where hundreds of websites are running by a single PHP installation.
But fortunately, you have a workaround. The php.ini rules can be embedded in your .htaccess file.
For enabling this, you need to create an .htaccess file by following the guidance and the main instructions that include the text below.
<FilesMatch "^php5?\.(ini|cgi)$"> Order Deny,Allow Deny from All Allow from env=REDIRECT_STATUS