An Apache .htaccess file can contain access rules, redirect logic, and sometimes credentials or internal paths — if it's readable directly rather than being processed silently by the server, its contents (including any sensitive logic) become visible to anyone who requests it.
Your .htaccess file can reveal internal redirect rules, IP restrictions, and server configuration — a roadmap of exactly how your server is locked down, and therefore how to get around it.
yoursite.com/.htaccess returns a 403, never file contents.
Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.
Run this check in H.I.V.E. →