How to block direct access to wp-content


Hi, I would like to block direct access to files uploaded to wp-content.

So I tried to add:

location = /wp-content/ {
     valid_referers none blocked server_names * domain.* ;
     if $invalid_referer {
          deny all;

But then nginx -t gives a “invalid condition "$invalid_referer"”. I think the ngx_http_referer_module is not by included by default.

Is there any other method to achieve this? Thanks,