One typical technique is to put your include files in directories not accessible via web http requests. This can be a directory branch from above your web root directory, or if a directory within the web root tree use .htaccess (assuming Apache) to prohibit the file(s) from being accessible.
Personally, with the vast majority of my include files, it does not matter, as they consist entirely of class or function definitions. Thus if they are accessed directly, all the requester gets is a blank page.
