# Prevent access to:
# - .htaccess and .htpasswd files
# - backup files from being viewed
-<FilesMatch "^(\.ht.*|.*~|.*,v)$">
+# - PHP's .user.ini
+<FilesMatch "^(\.ht.*|\.user\.ini|.*~|.*,v)$">
<IfModule mod_authz_host.c>
Require all denied
</IfModule>
# Prevent access to:
# - version control directories
-<DirectoryMatch "/\.(svn|git|hg|bzr)|CVS)/?">
+<DirectoryMatch "/(\.(svn|git|hg|bzr)|CVS)/?">
<IfModule mod_authz_host.c>
Require all denied
</IfModule>