# Prevent direct access to uploads folder
Options -Indexes

# Deny all PHP files in uploads
<FilesMatch "\.php$">
    Order Deny,Allow
    Deny from all
</FilesMatch>

# Only allow certain file types
<FilesMatch "\.(jpg|jpeg|png|gif|pdf|txt|doc|docx)$">
    Order Allow,Deny
    Allow from all
</FilesMatch>

# Set default charset
AddDefaultCharset UTF-8

# Security headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
</IfModule>
