Add the following directives to the .htaccess file in your images folder to prevent PHP from being executed there:

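# Deny direct requests for script files only (a bare "deny from all"
# would also block the images themselves).
<FilesMatch "\.(php|pl|py|jsp|asp|htm|shtml|sh|cgi)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Secure the directory by disabling script execution: map the script
# extensions to the CGI handler, then switch CGI execution off.
AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
Options -ExecCGI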

That’s it!!!
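
An added example (not from the original post) that audits an images folder for the setup described above: it lists files carrying any of the script extensions from the AddHandler line, including double extensions such as `.php.jpg` that Apache's mod_mime also maps to the handler, and checks that the folder's .htaccess contains `Options -ExecCGI`. The function names and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

# Extensions copied from the AddHandler line on this page.
SCRIPT_EXTS = {"php", "pl", "py", "jsp", "asp", "htm", "shtml", "sh", "cgi"}


def script_extensions(filename):
    """Script extensions found anywhere in the name (mod_mime looks at each one)."""
    parts = filename.lower().split(".")[1:]
    return [p for p in parts if p in SCRIPT_EXTS]


def htaccess_disables_cgi(path):
    """True if the file has an uncommented `Options ... -ExecCGI` line."""
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            lines = fh.read().splitlines()
    except OSError:
        return False  # a missing or unreadable .htaccess counts as not hardened
    pattern = re.compile(r"^\s*Options\b.*(?<!\S)-ExecCGI\b", re.IGNORECASE)
    return any(pattern.search(line) for line in lines)


def audit(images_dir):
    """Report script-like files under images_dir and the .htaccess status."""
    findings = []
    for root, _dirs, files in os.walk(images_dir):
        for name in files:
            exts = script_extensions(name)
            if exts:
                rel = os.path.relpath(os.path.join(root, name), images_dir)
                findings.append((rel, exts))
    hardened = htaccess_disables_cgi(os.path.join(images_dir, ".htaccess"))
    return {"hardened": hardened, "suspicious": sorted(findings)}


def demo():
    """Audit a constructed sample folder (file names are made up)."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("logo.png", "avatar.php.jpg", "up.PHP", "notes.txt"):
            open(os.path.join(d, name), "w").close()
        with open(os.path.join(d, ".htaccess"), "w") as fh:
            fh.write("AddHandler cgi-script .php .pl\nOptions -ExecCGI\n")
        return audit(d)


if __name__ == "__main__":
    print(demo())
```

Point `audit()` at the real images folder to get the same report for a live site.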