diff --git a/scripts/_common b/scripts/_common
index 54a66f2..8ecb4ad 100644
--- a/scripts/_common
+++ b/scripts/_common
@@ -15,3 +15,8 @@ extract_source() {
     || ynh_die "Unable to extract source tarball"
   sudo rm "$rc_tarball"
 }
+
+ynh_secure_rm () {
+    [[ "/var/www /opt /home/yunohost.app" =~ $1 ]] \
+        || (test -n "$1" && sudo rm -Rf $1 )
+}
\ No newline at end of file
diff --git a/scripts/remove b/scripts/remove
index 368aa72..fcc1afb 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -5,6 +5,7 @@ set -u
 
 # Source app helpers
 source /usr/share/yunohost/helpers
+source ./_common
 
 # Get multi-instances specific variables
 app=$YNH_APP_INSTANCE_NAME
@@ -12,7 +13,7 @@ app=$YNH_APP_INSTANCE_NAME
 # Retrieve arguments
 domain=$(ynh_app_setting_get "$app" domain)
 
-sudo rm -rf /var/www/$app
-sudo rm -f /etc/nginx/conf.d/$domain.d/$app.conf
+ynh_secure_rm /var/www/$app
+ynh_secure_rm /etc/nginx/conf.d/$domain.d/$app.conf
 
 sudo systemctl reload nginx
\ No newline at end of file
diff --git a/scripts/upgrade b/scripts/upgrade
index beb608d..2e06946 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -23,7 +23,21 @@ final_path=/var/www/$app
 sudo mkdir -p $final_path
 
 # Clean all files and directory except the data directory 
-sudo rm -rf $final_path/{cfg,CREDITS.md,i18n,index.php,js,README.md,tmp,CHANGELOG.md,css,favicon.ico,img,INSTALL.md,lib,robots.txt,tpl}
+ynh_secure_rm $final_path/cfg
+ynh_secure_rm $final_path/CREDITS.md
+ynh_secure_rm $final_path/i18n
+ynh_secure_rm $final_path/index.php
+ynh_secure_rm $final_path/js
+ynh_secure_rm $final_path/README.md
+ynh_secure_rm $final_path/tmp
+ynh_secure_rm $final_path/CHANGELOG.md
+ynh_secure_rm $final_path/css
+ynh_secure_rm $final_path/favicon.ico
+ynh_secure_rm $final_path/img
+ynh_secure_rm $final_path/INSTALL.md
+ynh_secure_rm $final_path/lib
+ynh_secure_rm $final_path/robots.txt
+ynh_secure_rm $final_path/tpl
 
 # Copy files to the right place
 extract_source $final_path