If you want to ensure your infrastructure is secure against credential leaks, tell me: What are you running? (Apache, Nginx, IIS?)
If you want to ensure your infrastructure is completely locked down, please let me know: index of password txt patched
location / autoindex off;