Put this in an .htaccess file at the root of your web server:
RedirectMatch 404 /\.git
This solution is robust and secure: it
- works for all
.gitdirectories in your site, even if there are more than one, - also hides other Git files like
.gitignoreand.gitmodules - works even for newly-added
.gitdirectories, and - doesn’t even give away the fact that the directories exist.