diff --git a/scripts/install b/scripts/install
index a5a402b..5d41a13 100644
--- a/scripts/install
+++ b/scripts/install
@@ -190,9 +190,13 @@ ynh_store_file_checksum --file="$final_path/protected/config/common.php"
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# Set permissions to app files
+# Set permissions on app files
 chown -R root: $final_path
 
+# Remove permission to others than $app and www-data (nginx user)
+chmod o-rwx $final_path
+chown $app:www-data $final_path
+
 chown -R $app $final_path/assets
 chown -R $app $final_path/protected/config
 chown -R $app $final_path/protected/modules
diff --git a/scripts/restore b/scripts/restore
index 1e017c7..ca8c817 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -72,9 +72,13 @@ ynh_system_user_create --username=$app
 # RESTORE USER RIGHTS
 #=================================================
 
-# Restore permissions on app files
+# Set permissions on app files
 chown -R root: $final_path
 
+# Remove permission to others than $app and www-data (nginx user)
+chmod o-rwx $final_path
+chown $app:www-data $final_path
+
 chown -R $app $final_path/assets
 chown -R $app $final_path/protected/config
 chown -R $app $final_path/protected/modules
diff --git a/scripts/upgrade b/scripts/upgrade
index 085e671..2dde7ab 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -144,6 +144,10 @@ ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/${app}"
 # Set permissions on app files
 chown -R root: $final_path
 
+# Remove permission to others than $app and www-data (nginx user)
+chmod o-rwx $final_path
+chown $app:www-data $final_path
+
 chown -R $app $final_path/assets
 chown -R $app $final_path/protected/config
 chown -R $app $final_path/protected/modules