Block php files from being uploaded (using nginx)
If you find people trying to upload php into your wordpress site you can add this to your nginx config file location ~* /(?:uploads)/.*.php$ { deny all; access_log off; log_not_found off; }
Read More