diff --git a/index.js b/index.js
index 46032b6..1ab4263 100644
--- a/index.js
+++ b/index.js
@@ -58,7 +58,7 @@ function send(ctx, path, opts) {
     path = resolvePath(root, path);
 
     // hidden file support, ignore
-    if (!hidden && leadingDot(path)) return;
+    if (!hidden && isHidden(root, path)) return;
 
     // serve gzipped file when possible
     if (encoding === 'gzip' && gzip && (yield fs.exists(path + '.gz'))) {
@@ -93,8 +93,12 @@ function send(ctx, path, opts) {
  * Check if it's hidden.
  */
 
-function leadingDot(path) {
-  return '.' == basename(path)[0];
+function isHidden(root, path) {
+  path = path.substr(root.length).split('/');
+  for(var i = 0; i < path.length; i++) {
+    if(path[i][0] === '.') return true;
+  }
+  return false;
 }
 
 /**
diff --git a/test/fixtures/.hidden b/test/fixtures/.hidden
new file mode 100644
index 0000000..7addfc4
--- /dev/null
+++ b/test/fixtures/.hidden
@@ -0,0 +1 @@
+You should never get here
\ No newline at end of file
diff --git a/test/fixtures/.private/id_rsa.txt b/test/fixtures/.private/id_rsa.txt
new file mode 100644
index 0000000..7addfc4
--- /dev/null
+++ b/test/fixtures/.private/id_rsa.txt
@@ -0,0 +1 @@
+You should never get here
\ No newline at end of file
diff --git a/test/index.js b/test/index.js
index 125e4b9..bafe275 100644
--- a/test/index.js
+++ b/test/index.js
@@ -311,6 +311,49 @@ describe('send(ctx, file)', function(){
       })
     })
   })
+  describe('.hidden option', function() {
+    describe('when trying to get a hidden file', function(){
+      it('should 404', function(done){
+        var app = koa();
+
+        app.use(function *(){
+          yield send(this, 'test/fixtures/.hidden');
+        });
+
+        request(app.listen())
+        .get('/')
+        .expect(404, done);
+      })
+    })
+
+    describe('when trying to get a file from a hidden directory', function(){
+      it('should 404', function(done){
+        var app = koa();
+
+        app.use(function *(){
+          yield send(this, 'test/fixtures/.private/id_rsa.txt');
+        });
+
+        request(app.listen())
+        .get('/')
+        .expect(404, done);
+      })
+    })
+
+    describe('when trying to get a hidden file and .hidden check is turned off', function(){
+      it('should 200', function(done){
+        var app = koa();
+
+        app.use(function *(){
+          yield send(this, 'test/fixtures/.hidden', {hidden: true});
+        });
+
+        request(app.listen())
+        .get('/')
+        .expect(200, done);
+      })
+    })
+  });
 
   it('should set the Content-Type', function(done){
     var app = koa();