diff --git a/scripts/install b/scripts/install
index 82a89c3..3a5e43c 100644
--- a/scripts/install
+++ b/scripts/install
@@ -162,11 +162,13 @@ ynh_add_systemd_config --service=wireguard_ui_conf --template=wireguard_ui_conf.
 #=================================================
 
 # Set permissions to app files
-chown -R root: $final_path
-chown -R $app: $final_path/db
-chmod -R 750 $final_path/db
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app: "$final_path"
 
-chown -R $app:$app /etc/wireguard
+chmod 750 /etc/wireguard
+chmod -R o-rwx /etc/wireguard
+chown -R $app: /etc/wireguard
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
diff --git a/scripts/restore b/scripts/restore
index 267f725..237e265 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -75,9 +75,13 @@ ynh_restore_file --origin_path="/etc/sudoers.d/${app}_ynh"
 #=================================================
 
 # Restore permissions on app files
-chown -R root: $final_path
-chown -R $app: $final_path/db
-chmod -R 750 $final_path/db
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app: "$final_path"
+
+chmod 750 /etc/wireguard
+chmod -R o-rwx /etc/wireguard
+chown -R $app: /etc/wireguard
 
 #=================================================
 # SPECIFIC RESTORATION
diff --git a/scripts/upgrade b/scripts/upgrade
index 11df9ea..57c79b3 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -199,10 +199,14 @@ ynh_replace_string --match_string="__PORT_WG__" --replace_string="$port_wg" --ta
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-# Set permissions on app files
-chown -R root: $final_path
-chown -R $app: $final_path/db
-chmod -R 750 $final_path/db
+# Set permissions to app files
+chmod 750 "$final_path"
+chmod -R o-rwx "$final_path"
+chown -R $app: "$final_path"
+
+chmod 750 /etc/wireguard
+chmod -R o-rwx /etc/wireguard
+chown -R $app: /etc/wireguard
 
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST