The base .htaccess file needs to be amended slightly near line 29 the filesmatch
# Security: Deny access to common configuration and data files
# eg: .htaccess, php.ini, .user.ini, php_errors.log, php_errors.log.php, backup.sql, settings.dat.php, file.defaultSqlData.php, backup.sql, etc
<IfModule !mod_authz_core.c>
<FilesMatch "\.(htaccess|ini|log|dat|defaultSqlData|sql)(\.php)?$">
Order Deny,Allow
Deny from All
</FilesMatch>
</IfModule>
<IfModule mod_authz_core.c>
<FilesMatch "\.(htaccess|ini|log|dat|defaultSqlData|sql)(\.php)?$">
Require all denied
</FilesMatch>
</IfModule>
---
Peace and Long Life