# Prevent PHP execution in uploads directory
<FilesMatch "\.php$">
    Deny from all
</FilesMatch>

# Prevent access to .htaccess file
<Files ".htaccess">
    Deny from all
</Files>

# Allow image files
<FilesMatch "\.(jpg|jpeg|png|gif|webp)$">
    Allow from all
</FilesMatch>