Protecting the php.ini File From Being Viewed | Bluehost Support
  1. bluehost knowledge base

Protecting the php.ini File From Being Viewed

To prevent people to viewing your php.ini file via a browser a few lines need to be pasted into the .htaccess file.
  1. Log in to your Bluehost cPanel account.
  2. Click on File Manager (if prompted, select the checkbox to view hidden files)
  3. Double-click on the public_html folder to open it
  4. Right-click on the .htaccess file and then select the "Edit".
  5. Paste the following code into the bottom of the file and then click save:
<Files php.ini>
  Order allow,deny
  Deny from all
</Files>
 

Now your php.ini file is protected. This change prevents PHP hackers from finding exploits on your site.