.htaccess file sits at the root directory of a webhosting folder. You can modify this file to implement some security measures. In my case, I needed to use FileZila to be able to see it, download it, and upload the modified version of it. How to configure FileZilla was a major pain (see my article on Filezilla --> https://www.estat.us/file-zilla/ ).
This below prevents Chrome browser to indicate that your website is not secure. This turns the web URL to begin with https (with S at the end) instead of just http and I believe S means extra security.
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
You also want to prevent visitors to see the contents of a subfolder.
# Disable directory browsing
Options All -Indexes
Reference: