diff --git a/templates/etc/nginx/sites-available/_wordpress.j2 b/templates/etc/nginx/sites-available/_wordpress.j2
index b99565d..ca560c5 100644
--- a/templates/etc/nginx/sites-available/_wordpress.j2
+++ b/templates/etc/nginx/sites-available/_wordpress.j2
@@ -3,3 +3,9 @@
 {% block template_try_files %}
 	try_files $uri $uri/ /index.php?$args;
 {% endblock %}
+
+{% block template_custom_location %}
+	location ~* /(?:uploads|files)/.*\.php$ {
+		deny all;
+	}
+{% endblock %}