diff --git a/scripts/actions/reset_default_app b/scripts/actions/reset_default_app
index a65d919..a787de8 100755
--- a/scripts/actions/reset_default_app
+++ b/scripts/actions/reset_default_app
@@ -78,12 +78,15 @@ echo "# Reach everyday wp-cron.php to trig the internal WordPress cron.
 # Files have to be own by the user of wordpress. To allow upgrade from the app.
 chown -R $app: $final_path
 # Except the file config wp-config.php
-chown root: $final_path/wp-config.php
+chown root:$app $final_path/wp-config.php
 
 # Reset permissions
 find $final_path/ -type f -print0 | xargs -0 chmod 0644
 find $final_path/ -type d -print0 | xargs -0 chmod 0755
 
+# Remove permissions for others
+chmod 640 $final_path/wp-config.php
+
 #=================================================
 # UPGRADE FAIL2BAN
 #=================================================
diff --git a/scripts/install b/scripts/install
index ff4d8f6..687ccba 100644
--- a/scripts/install
+++ b/scripts/install
@@ -241,7 +241,8 @@ echo "# Reach everyday wp-cron.php to trig the internal WordPress cron.
 # Files have to be own by the user of wordpress. To allow upgrade from the app.
 chown -R $app: $final_path
 # Except the file config wp-config.php
-chown root: $final_path/wp-config.php
+chown root:$app $final_path/wp-config.php
+chmod 640 $final_path/wp-config.php
 
 #=================================================
 # SETUP FAIL2BAN
diff --git a/scripts/restore b/scripts/restore
index d77447c..ecf9787 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -91,7 +91,8 @@ ynh_system_user_create --username=$app
 # Files have to be own by the user of wordpress. To allow upgrade from the app.
 chown -R $app: $final_path
 # Except the file config wp-config.php
-chown root: $final_path/wp-config.php
+chown root:$app $final_path/wp-config.php
+chmod 640 $final_path/wp-config.php
 
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
diff --git a/scripts/upgrade b/scripts/upgrade
index a104e38..c2ef498 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -220,7 +220,7 @@ then
     ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
 
     ynh_systemd_action --service_name=nginx --action=reload
-	
+
 	plugin_network="--network"
 else
 	multisite=0
@@ -276,7 +276,8 @@ echo "# Reach everyday wp-cron.php to trig the internal WordPress cron.
 # Files have to be own by the user of wordpress. To allow upgrade from the app.
 chown -R $app: $final_path
 # Except the file config wp-config.php
-chown root: $final_path/wp-config.php
+chown root:$app $final_path/wp-config.php
+chmod 640 $final_path/wp-config.php
 
 #=================================================
 # UPGRADE FAIL2BAN