Here’s a few facts about locking down the server when it comes to hosting PHP scripts.

1) No PHP file should ever require the X bit (ie. you should be able to set all PHP files to 744 – rxwr–r–)
2) All directories do need X bit so set all directories to (755 – rxwr-xr-x)

The following steps should be performed to properly set the file permissions

- chown -R user /direcory/to/receive/new/permissions
- chgrp -R group /directory/to/receive/new/permissions
- chmod -R 744 /directory/to/receive/new/permissions – (this changes all files and directories to rwxr–r–. so still need to set all directories with the X bit)
- find /dir/to/chmod/all/dirs -type d -exec chmod 755 {} \;