Dave McCourt thinks some thoughts...

WordPress uploads htaccess

Posted in: Code snippets, WordPress

Add the relevant code snippet into a .htaccess file inside your /wp-content/uploads/ folder

# Secure /uploads/ directory from unwanted file types
<Files ~ ".*..*">
Order Allow,Deny
Deny from all
<FilesMatch ".(pdf|svg|doc|docx|xlsx|xls|ppt|pptx|jpg|jpeg|jpe|gif|png|tif|tiff)$">
Order Deny,Allow
Allow from all
# Secure /uploads/ prevent PHP from being executed (it can be run from inside image files)
php_flag engine off