Thank you. I’ve added the code you suggested to my sites as described and also added the same to the wp-includes folder.
On one of my sites, I discovered I already had a .htaccess in the wp-content/uploads/ folder containing the following:
Options -Indexes <Files *.php> deny from all </Files>
Would you recommend modifying this?