As you may know by now, wp-config.php is a powerful file & links your data to your database tables. So, it’s important for you to secure your wp-config.php file from hackers and other people. If someone has access to your wp-config.php file then they’ll be able to see the username and password of your WordPress’ database.
.htaccess is a simple file but you can do a lot of amazing stuff with it. You can also protect your wp-config.php file with this text file. You can use this trick will all files. Make sure not to block users from accessing your website.
Add following code to your .htaccess file to protect wp-config.php file:
deny from all
This code should be placed in an .htaccess file located in the directory that contains your wp-config.php file.