Hi @ov3rfly, thanks for getting in touch.
The only reason a .htaccess (usually with content) should be written by Wordfence in the /wp-content/uploads folder is if you disable code execution for it in Wordfence > All Options > General Wordfence Options. The contents should mirror that shown in our documentation: https://www.wordfence.com/help/dashboard/options/#exec-uploads.
Can I confirm if you have this option enabled and there are no file permissions issue in your Wordfence > Tools > Diagnostics page?
Thanks,
Peter.
“Disable Code Execution for Uploads directory” is not enabled, empty checkbox is there.
No file permission issues in Diagnostics page.
Edit: Took a look at the “.htaccess file in the uploads directory” code in wfConfig.php and can not reproduce the problem in the code path. Weird. Will investigate more in next days.
Seems the effect is caused by WP-Optimize plugin image compression or WebP functionality even if is not enabled.
Not an issue in WordFence, thanks for quick response.