Dave McCourt thinks some thoughts...

WordPress uploads htaccess

Add the relevant code snippet to a .htaccess file inside your /wp-content/uploads/ folder. Both snippets are Apache directives: .htaccess files are read by Apache, not by nginx itself.

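# NGINX
# Secure /uploads/ directory from unwanted file types
# (Order/Allow/Deny is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it)
#
# Deny every file whose name contains a dot...
<Files ~ ".*\..*">
Order Allow,Deny
Deny from all
</Files>
# ...then allow only these extensions (the match is case-sensitive)
<FilesMatch "\.(pdf|svg|doc|docx|xlsx|xls|ppt|pptx|jpg|jpeg|jpe|gif|png|tif|tiff)$">
Order Deny,Allow
Allow from all
</FilesMatch>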
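# APACHE
# Secure /uploads/: prevent PHP from being executed (it can be run from inside image files)
# php_flag is a mod_php directive; without mod_php (e.g. PHP-FPM) Apache rejects it with a 500 error
php_flag engine off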
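
To see what the allow-list does to files already in the folder, the following added example (not part of the original snippet) audits an uploads tree against the same extension list and flags allow-listed files that contain a PHP open tag. The function name `audit_uploads` and the `DENIED`/`UNCOVERED`/`PHPTAG` labels are assumptions made for this example, and it assumes the regex dots are escaped as `\.`.

```shell
#!/bin/sh
# Added example: audit an uploads directory against the .htaccess allow-list.
# ALLOWED mirrors the extension list of the FilesMatch rule (assumes "\." escaping).
ALLOWED='\.(pdf|svg|doc|docx|xlsx|xls|ppt|pptx|jpg|jpeg|jpe|gif|png|tif|tiff)$'

# audit_uploads DIR  (hypothetical helper name)
# Prints one line per finding:
#   DENIED    <path>  name has a dot but is not allow-listed (Apache answers 403)
#   UNCOVERED <path>  name has no dot, so neither rule matches and it is still served
#   PHPTAG    <path>  allow-listed name whose content contains "<?php"
audit_uploads() {
    dir=$1
    find "$dir" -type f ! -name '.htaccess' | sort | while IFS= read -r f; do
        name=${f##*/}
        # Case-sensitive on purpose, like the FilesMatch regex: PHOTO.JPG is not allowed.
        if printf '%s\n' "$name" | grep -Eq "$ALLOWED"; then
            # Simple heuristic: a PHP open tag inside an "image" or document.
            if grep -qF '<?php' "$f"; then
                echo "PHPTAG $f"
            fi
        else
            case $name in
                *.*) echo "DENIED $f" ;;
                *)   echo "UNCOVERED $f" ;;
            esac
        fi
    done
}

# Run against a directory when one is given on the command line.
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    audit_uploads "$1"
fi
```

A `PHPTAG` hit is only harmful if the server executes the file as PHP, which is what the `php_flag engine off` snippet prevents under mod_php.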