Firstly, create a file called htaccess.txt. This will be renamed later but due to files that are prefixed with a period being hidden by default this is the best method.
You want to edit this file with a text editor such as Notepad++ or even Notepad itself will do (Although not recommended) and put the following line at the top:
Code:
deny from all
Now simply save it and upload to the ./inc/ directory on your webhost. You will then need to rename it to .htaccess
You can test it's working by going to http://yoursite.com/inc/
If you receive a 403 error then everything is working as planned and is inaccessible to the real world.
Now all of your configurations and settings are protected just in case something is mis-configured server side.