If you run the risk of someone accessing your php.ini or php.cgi files directly through their browsers, you can limit access to them using .htaccess.
To enable this, create a .htaccess file following the main instructions and guidance, and include the following text:
| <FilesMatch "^php5?\.(ini|cgi)$">
Deny from All
Allow from env=REDIRECT_STATUS