If you run the risk of someone accessing your php.ini file directly through their browsers, you can limit access to them using htaccess file.
Put following lines in your .htaccess file:
<Files php.ini> Order allow,deny Deny from all </Files>
If you want to prevent the risk access to your other files such as your htacess, htpasswd, ini, phps, fla, psd, log, sh files, you can also put following lines into your htaccess file:
<filesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$"> Order Allow,Deny Deny from all </filesMatch>