diff --git a/core/includes/file.inc b/core/includes/file.inc
index 3e5eb8c..74b0809 100644
--- a/core/includes/file.inc
+++ b/core/includes/file.inc
@@ -332,7 +332,6 @@ function file_ensure_htaccess() {
     file_save_htaccess('private://', TRUE);
   }
   file_save_htaccess('temporary://', TRUE);
-  file_save_htaccess(config_get_config_directory(CONFIG_SYNC_DIRECTORY), TRUE);
 }
 
 /**
diff --git a/core/modules/system/src/Tests/System/HtaccessTest.php b/core/modules/system/src/Tests/System/HtaccessTest.php
index ad6e09e..06eeb6d 100644
--- a/core/modules/system/src/Tests/System/HtaccessTest.php
+++ b/core/modules/system/src/Tests/System/HtaccessTest.php
@@ -121,6 +121,10 @@ public function testFileAccess() {
     $this->drupalGet('test.php/test');
     $this->assertResponse(200);
     $this->assertText('This is a node');
+
+    // Ensure YAML files are not accessible in the sync directory.
+    $this->container->get('config.storage.staging')->write('test.settings', []);
+    $this->assertFileAccess(config_get_config_directory(CONFIG_SYNC_DIRECTORY) . '/test.settings.yml', 403);
   }
 
   /**