# Deny execution of PHP in upload directories
<FilesMatch "\.php$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Deny from all
    </IfModule>
</FilesMatch>

# Only allow image files
<FilesMatch "\.(jpg|jpeg|png|gif|webp|svg|bmp)$">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
</FilesMatch>
