NGINX: Returning 403 on .php files

I'm trying to serve the static files from a Wordpress installation and I'm using a symbolic link placed in the NGINX folder pointing to the wp-content/uploads folder.

Every file is being served correctly, but unfortunately there are some plugins that include some of their .php files inside this folder, so NGINX serve them as static 开发者_开发问答files, leading to potential security risks.

Is there any way to instruct NGINX to return a Forbidden 403 error when trying to access .php files?

Thanks in advance.

You can exclude an extension under a location block using a sub location

E.G.

location /wp-content/uploads {
    location ~ \.(php|any|other|ext)$ {
        return 403;
    }

    ....

}