# Prevent direct access to uploaded files
<FilesMatch "\.(php|php5|phtml)$">
    Deny from all
</FilesMatch>

# Disable script execution
<Files *.php>
    Deny from all
</Files>

# Allow only specific file types
<FilesMatch "\.(jpg|jpeg|png|gif|pdf|doc|docx|xlsx)$">
    Order Allow,Deny
    Allow from all
</FilesMatch>