When you use GIT in order to deploy your website on an Apache web server, in everybody can access to the .git subfolder. Which means that it’s possible to get your source code (even passwords…).
Create a file name /etc/apache2/conf.d/denyGIT
# do not allow .git version control files to be issued <Directorymatch "^/.*/\.git+/"> Order deny,allow Deny from all </Directorymatch> <Files ~ "^\.git"> Order allow,deny Deny from all </Files>