If you use Apache, you’re all done, because of the .htaccess file already there. If you’re using Nginx, you need to edit your Nginx config to make your website work, because Nginx doesn’t understand .htaccess rules”.
Using Apache and Nginx at the same time is quite uncommon.
This will block all files anywhere that contain that name and extension ( .htaccess )
Deny From all
make sure you don’t have a space between|
besides, it would be desirable to have this as well
# Disable Directory Listings in this Directory and Subdirectories
# This will hide the files from the public unless they know direct URLs