Thanks for that.
What I was focused on is preventing any executable files of any kind from being called from the uploads directory. I'm aware of a site that was infected with a malicious php script and I really, really don't want to be next. But the PHPot php file has to be accessible or I break my honey pot.
Having spent a couple of days learning, I'm now reconsidering that maybe the more widespread example of banning everything except a specific list is the right way to go.
Not sure why I think someone might need to upload something other than an image or pdf, just had a nagging itch. It occurs to me now that if it ever does come up, I can always edit the htaccess file then (laugh).
Is it safe or correct to have running Files / FilesMatch blocks? So for example:
# Only allow jpg, jpeg, png, gif, and pdf files.
Allow from all
# But allow PHPot file
allow from all
And will the Order statement be affected by the one in my root .htaccess file where I have it reversed to protect the config file while not blocking the whole site:
deny from all