diff --git a/core/profiles/demo_umami/modules/demo_umami_content/default_content/article_body/.htaccess b/core/profiles/demo_umami/modules/demo_umami_content/default_content/.htaccess
similarity index 100%
rename from core/profiles/demo_umami/modules/demo_umami_content/default_content/article_body/.htaccess
rename to core/profiles/demo_umami/modules/demo_umami_content/default_content/.htaccess
diff --git a/core/profiles/demo_umami/modules/demo_umami_content/default_content/images/.htaccess b/core/profiles/demo_umami/modules/demo_umami_content/default_content/images/.htaccess
deleted file mode 100644
index ae4e251c81098acde0b94f18dac95ba966cd281e..0000000000000000000000000000000000000000
--- a/core/profiles/demo_umami/modules/demo_umami_content/default_content/images/.htaccess
+++ /dev/null
@@ -1,12 +0,0 @@
-# Deny all requests from Apache 2.4+.
-<IfModule mod_authz_core.c>
-  Require all denied
-</IfModule>
-
-# Deny all requests from Apache 2.0-2.2.
-<IfModule !mod_authz_core.c>
-  Deny from all
-</IfModule>
-# Turn off all options we don't need.
-Options None
-Options +FollowSymLinks
diff --git a/core/profiles/demo_umami/modules/demo_umami_content/default_content/recipe_instructions/.htaccess b/core/profiles/demo_umami/modules/demo_umami_content/default_content/recipe_instructions/.htaccess
deleted file mode 100644
index bdcdd2f5c88242af4c79bbdd05ddba3f0df7ff91..0000000000000000000000000000000000000000
--- a/core/profiles/demo_umami/modules/demo_umami_content/default_content/recipe_instructions/.htaccess
+++ /dev/null
@@ -1,11 +0,0 @@
-# Deny all requests from Apache 2.4+.
-<IfModule mod_authz_core.c>
-  Require all denied
-</IfModule>
-
-# Deny all requests from Apache 2.0-2.2.
-<IfModule !mod_authz_core.c>
-  Deny from all
-</IfModule>
-# Turn off all options we don't need.
-Options -Indexes -ExecCGI -Includes -MultiViews
diff --git a/core/profiles/demo_umami/modules/demo_umami_content/tests/src/Functional/DefaultContentFilesAccessTest.php b/core/profiles/demo_umami/modules/demo_umami_content/tests/src/Functional/DefaultContentFilesAccessTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..26c92d0b88c8b27b9f73b0db17684b044c5b7dc8
--- /dev/null
+++ b/core/profiles/demo_umami/modules/demo_umami_content/tests/src/Functional/DefaultContentFilesAccessTest.php
@@ -0,0 +1,38 @@
+<?php
+
+namespace Drupal\Tests\demo_umami_content\Functional;
+
+use Drupal\Core\Site\Settings;
+use Drupal\Tests\BrowserTestBase;
+
+/**
+ * Tests that files provided by demo_umami_content are not accessible.
+ *
+ * @group demo_umami_content
+ */
+class DefaultContentFilesAccessTest extends BrowserTestBase {
+
+  /**
+   * Tests that sample images, recipes and articles are not accessible.
+   */
+  public function testAccessDeniedToFiles() {
+    // The demo_umami profile should not be used because we want to ensure that 
+    // if you install another profile these files are not available.
+    $this->assertNotSame('demo_umami', Settings::get('install_profile'));
+
+    $files_to_test = [
+      'images/chocolate-brownie-umami.jpg',
+      'recipe_instructions/chocolate-brownie-umami.html',
+      'article_body/lets-hear-it-for-carrots.html',
+      'articles.csv',
+    ];
+    foreach ($files_to_test as $file) {
+      // Hard code the path since the demo_umami profile is not installed.
+      $content_path = "core/profiles/demo_umami/modules/demo_umami_content/default_content/$file";
+      $this->assertFileExists($this->root . '/' . $content_path);
+      $this->drupalGet($content_path);
+      $this->assertSession()->statusCodeEquals(403);
+    }
+  }
+
+}
diff --git a/core/profiles/demo_umami/tests/src/Functional/DemoUmamiProfileTest.php b/core/profiles/demo_umami/tests/src/Functional/DemoUmamiProfileTest.php
index bfa1de25c738b916eb4f76980011ffc269c430a8..f6025fd6034939744f730636ae90cb979dbd22ce 100644
--- a/core/profiles/demo_umami/tests/src/Functional/DemoUmamiProfileTest.php
+++ b/core/profiles/demo_umami/tests/src/Functional/DemoUmamiProfileTest.php
@@ -163,37 +163,4 @@ public function testDemonstrationWarningMessage() {
     $web_assert->pageTextNotContains('This site is intended for demonstration purposes.');
   }
 
-  /**
-   * Tests that sample images are not accessible to the webserver.
-   */
-  public function testAccessDeniedToSampleImages() {
-    $file_name = 'chocolate-brownie-umami.jpg';
-    $file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/images/' . $file_name;
-    $this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
-    $this->drupalGet($file_path);
-    $this->assertSession()->statusCodeEquals(403);
-  }
-
-  /**
-   * Tests that sample recipes are not accessible to the webserver.
-   */
-  public function testAccessDeniedToSampleRecipes() {
-    $file_name = 'chocolate-brownie-umami.html';
-    $file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/recipe_instructions/' . $file_name;
-    $this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
-    $this->drupalGet($file_path);
-    $this->assertSession()->statusCodeEquals(403);
-  }
-
-  /**
-   * Tests that sample articles are not accessible to the webserver.
-   */
-  public function testAccessDeniedToSampleArticles() {
-    $file_name = 'lets-hear-it-for-carrots.html';
-    $file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/article_body/' . $file_name;
-    $this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
-    $this->drupalGet($file_path);
-    $this->assertSession()->statusCodeEquals(403);
-  }
-
 }