It is a good practice to disable website visitors from reading htaccess file. Disallowing htaccess file from being read provides one more obstacle for hackers. The syntax for the same is given below:
<Files .htaccess>
order allow,deny
deny from all
</Files>
ref.:
https://www.koozai.com/blog/search-marketing/htaccess-file/