Your PHP files should have one of two possible permissions: 644 or 600.
644: If the file is going to be called through your web browser (for example, www.your-domain.com/index.php), it needs to be world-readable. Do not include important passwords or secret API keys in your world-accessible files, as this can provide access for hackers and malicious scripts.
600: If you have PHP files that are not directly accessed through the web browser, and are only referenced in other PHP files, it needs to be only readable by the owner. This is good for include files and files that contain important passwords and API keys.
You can adjust the file permissions in your FTP client or through the File Manager.
To adjust permissions in File Manager:
- Log into your eXtend Control Panel
- Click ‘File Manager’
- Double-click the directories until you are in the one that contains your script
- Click on your script
- Click on the Padlock icon (Chmod)
- Enter in 644 or 600 next to ‘Or enter a mode number’
- Click ‘Save’