diff --git a/scripts/install b/scripts/install
index 375add7..9fd36ef 100644
--- a/scripts/install
+++ b/scripts/install
@@ -160,12 +160,13 @@ ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex=
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
+# Set permissions to app files
+chown -R $app:www-data $final_path
+chmod -R g=u,g-w,o-rwx $final_path
+
 # Restrict rights to Wallabag user only
 chmod 600 $wb_conf
-
-# Set permissions to app files
-chown -R $app: $final_path
-chmod 755 $final_path
+chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php -f
 
 #=================================================
 # SETUP HOOKS
diff --git a/scripts/restore b/scripts/restore
index ec62624..df232fe 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -66,8 +66,15 @@ ynh_system_user_create --username=$app
 # RESTORE USER RIGHTS
 #=================================================
 
-# Restore permissions on app files
-chown -R $app: $final_path
+wb_conf=$final_path/app/config/parameters.yml
+
+# Set permissions to app files
+chown -R $app:www-data $final_path
+chmod -R g=u,g-w,o-rwx $final_path
+
+# Restrict rights to Wallabag user only
+chmod 600 $wb_conf
+chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php -f
 
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 1170198..4e10fe0 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -191,12 +191,13 @@ fi
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
+# Set permissions to app files
+chown -R $app:www-data $final_path
+chmod -R g=u,g-w,o-rwx $final_path
+
 # Restrict rights to Wallabag user only
 chmod 600 $wb_conf
-
-# Set permissions to app files
-chown -R $app: $final_path
-chmod 755 $final_path
+chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php -f
 
 #=================================================
 # SETUP HOOKS