That may be one way to keep hackers at bay. Depending on how you do it, it may or may not be effective. Sometimes it comes down to how your host configures their servers. If they are not secured, your sites hosted there won't be either. If you use Wordpress, a good plugin to use is a free one called Bulletproof Security. It does modify your .htaccess files for you. it also alerts you to some .htaccess files that are nested by other plugins you may have installed on a WP site that need to be secured as well. It's a good fix if you know little about modifying the access files. Each time you update certain things BS lets you know if those files must be modified again to remain safe. A dashboard lets you control such things. With HTML based sites, many hosts have instructions available to work with the access files so they work witrh their servers. I have noticed that on some host's servers you must get rid of the preceeding period in the file name to copy, move or work with it. Then you can add it in once you have it placed or modified where you want it. A little annoying quirk that has to be worked around sometimes. The period must be there for it to be of use.