# Disable script execution in uploads
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# Prevent CGI execution
Options -ExecCGI

# Deny access to .php and other server-side files if necessary
<FilesMatch "\.(php|phtml|php3|pl|py|jsp|sh)$">
    Require all denied
</FilesMatch>
