Files should always be uploaded and set to chmod 644. The ONLY important exceptions to this are :
Whenever you upload files using cPanel FileManager then files will be set chmod 644 automatically. Unless your FTP software has been especially configured to set uploaded files to different permissions, then newly uploaded files will also be set to chmod 644 automatically.
Directories should always be uploaded and set to chmod 755.
Whenever you upload files using cPanel FileManager then directories will be set chmod 755 automatically. Unless your FTP software has been especially configured to upload directories with different permissions, then newly created directories will also be set to chmod 755 automatically.
But the installation notes for my PHP web application say otherwise!
Ignore them. Really. Software developers are often more interested in making their software work than the security of your website. You might be told that directories should be chmod 777 or even that files need to be chmod 755, but if you are just talking about a PHP based website then php files will operate just fine chmod 600 or 644.
The reason for this is that Apache serves PHP files via the suPHP CGI. This means that PHP files are served under your cPanel username's security context. And because your username owns your web files, you only have to grant Read and Write permissions to the owner (thus, chmod 600).
If in doubt, and you want your site to be as secure as possible, just ask us!