Quoting from the Article...
2. Kill PHP execution.
Often the weakest link in any WordPress chain is the /uploads/ directory. It is the only directory that needs to be writable in your installation. You can make it more secure by preventing anyone from executing PHP. It’s simple to do. Add the following to the .htaccess file at the root of the directory. If the file doesn’t exist, create it.
Deny from All
...this could be helpful to protect the /uploads folder, but how it could be beaten would be if the hackers file was named something like this - hackerPHPFileDisguisedAsAJPGFile.php.jpg.
Currently BPS does not have .htaccess coding to protect the /uploads folder in a specific way and only has general security protection, but specific .htaccess security coding for the /uploads folder will eventually be added. What needs to be worked out first is how not to interfere with normal image uploading and image retrieval and still prevent exploits such as the one I just pointed out.
Offhand the simplest method would be to look at the file name and if it contains the pattern ".php" anywhere in the file name then do X.
This Regex would match both .php and .php. so it would be a little better to use.
Deny from all
And another thing to consider and factor in is forcing the MIME Type, which i think WP is already doing anyway.