# Uploads folder – block direct script execution
<FilesMatch "\.(php|php3|php4|php5|phtml|pl|py|cgi|sh)$">
    Order Deny,Allow
    Deny from all
</FilesMatch>
Options -Indexes
