Make wp-content/debug.log inaccessible

My site was infected with a malware, after restore a backup and run a scan using Wordfence, it mentions:

/wp-content/debug.log is publicly accessible and may expose source code or sensitive information about your site

Can you please help me to make wp-content/debug.log inaccessible?