When you use GIT in order to deploy your website on an Apache web server, in everybody can access to the .git subfolder. Which means that it’s possible to get your source code (even passwords…).
Create a file name /etc/apache2/conf.d/denyGIT
# do not allow .git version control files to be issued
<Directorymatch "^/.*/\.git+/">
Order deny,allow
Deny from all
</Directorymatch>
<Files ~ "^\.git">
Order allow,deny
Deny from all
</Files>retart apache
/etc/init.d/apache restart