Here’s a quick tip to help in securing your WordPress uploads folder from being abused by people uploading unauthorised file types.
Create a new blank file in your /wp-content/uploads/ folder called .htaccess
Add the following code:
[gist id=8143102 file=code-snippet-1.txt]
Modify line 5 and add in any file extensions that you may need to upload to your WordPress website such as pdf or mp4.