For each parent directory leading to your web root (e.g.
chmod go-rwx DIR(nobody other than owner can access content)
chmod go+x DIR(to allow “users” including _www to “enter” the dir)
sudo chgrp -R _www ~/my/web/root(all web content is now group _www)
chmod -R go-rwx ~/my/web/root(nobody other than owner can access web content)
chmod -R g+rx ~/my/web/root(all web content is now readable/executable/enterable by _www)
Proper way to set file permissions