Hidden files and folders usually contain configuration data and other goodies not intended for public consumption. Git, for example, saves all sorts of useful information in a root-level directory named .git.
By default these files and folders don’t appear in a directory listing, but depending on server setup and where they live relative to the hosting directory, they might be accessible via web browser.
To deny direct access to all such “hidden” files and folders, add this to your .htaccess
file:
# Prevent direct access to files or folders starting with a dot
RewriteCond %{THE_REQUEST} ^.*/\.
RewriteRule (^\.|/\.) - [F]
Now, if a curious user goes snooping around for, say, .git/HEAD
on your site, they’ll get a nice, bland 404
error for their troubles.