You should prevent execution of, and access to, PHP scripts in directories where PHP scripts should not exist, such as image or upload folders. To do this, insert the following lines into your .htaccess file:
Require all denied
Deny from all
The advantage of this is that even when malicious content such as phishing HTML pages or PHP scripts gets injected, it can be placed into these directories but cannot be executed there.
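Used bare, the two directives above deny every request to the directory, images included, and `Deny from all` is Apache 2.2 syntax that an Apache 2.4 server without mod_access_compat rejects. The following is an added example, not taken from the original page, that scopes the same two directives to PHP files and guards each one by version; the extension list and the uploads/.htaccess location are assumptions.

```apache
# Assumed location: the .htaccess file inside the upload directory itself,
# e.g. uploads/.htaccess, so the rule does not affect the rest of the site.
# The server config must permit these directives in .htaccess:
#   AllowOverride AuthConfig   (for Require, Apache 2.4)
#   AllowOverride Limit        (for Order/Deny, Apache 2.2)

# Constructed extension list: adjust it to whatever your PHP handler is
# mapped to. The trailing (\.|$) also catches names such as "x.php.jpg",
# which some handler configurations still treat as PHP.
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar)(\.|$)">

    # Apache 2.4 and later (mod_authz_core present)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2 (mod_authz_core absent)
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>

</FilesMatch>
```

Requests for matching files return 403 Forbidden, while images and other static files in the same directory are still served.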