It’s true, the information from the file revisioning tool that developers rely on could be getting into the wrong hands.  Having your server set up correctly to block hidden files and directories is important.  Test your site, and see if you can go to http://<YourWebsite.com>/.git.  If you can, you’ve got a serious security issue you need to handle!  If not, that’s excellent.

My eBook and video course that teaches those how to set up servers manually is not prone to this vulnerability.  Though the course focuses on WordPress sites, the underlying setup and configuration of the web server will keep any site safe.  If you’ve got a security issue or you’d like to learn more, learn more information on my course, Make Recurring Money by Hosting WordPress Sites.

Sites talking about the vulnerability:

• http://thenextweb.com/insider/2015/07/27/a-simple-developer-error-is-exposing-private-information-on-thousands-of-websites/
• http://www.jamiembrown.com/blog/one-in-every-600-websites-has-git-exposed/
• http://fossbytes.com/one-in-every-600-websites-has-git-exposed-how-to-check-yours-and-hide-it/