diff --git a/code/FileVersion.php b/code/FileVersion.php
index ccbf7b2..a298bf9 100755
--- a/code/FileVersion.php
+++ b/code/FileVersion.php
@@ -129,6 +129,12 @@ protected function saveCurrentVersion()
         }
 
         Filesystem::makeFolder($base);
+        $versionsDir = dirname($base);
+        $htaccessPath = Controller::join_links($versionsDir, '.htaccess');
+        if (!file_exists($htaccessPath)) {
+            $content = "Order deny,allow\nDeny from all";
+            file_put_contents($htaccessPath, $content);
+        }
 
         $extension = $file->getExtension();
         $basename  = basename($file->Name, $extension);
diff --git a/tests/VersionedFileTest.php b/tests/VersionedFileTest.php
index 466ec1c..f377cbf 100755
--- a/tests/VersionedFileTest.php
+++ b/tests/VersionedFileTest.php
@@ -201,6 +201,15 @@ public function testOnBeforeDelete()
         $this->assertTrue(is_dir($this->folder->getFullPath() . '/_versions'));
     }
 
+    public function testVersionsFolderProtected()
+    {
+        $file = new File();
+        $file->ParentID = $this->folder->ID;
+        $file->Filename = $this->folder->getFilename() . 'test-file.txt';
+        $file->write();
+        $this->assertTrue(file_exists($this->folder->getFullPath() . '/_versions/.htaccess'));
+    }
+
     protected function getFileEditForm()
     {
         $admin  = new AssetAdmin();