IMO, it's not correct to set all the files on your website to be owned by the web-server (www-data for example). 'www-data' should only be the owner of any directory it requires write access to, such as an upload directory or cache directory.
If you give www-data ownership of all the files and someone discovers a security flaw in your php code then your webserver can now overwrite any files in the system that it owns. i.e. the security flaw can be escalated. Any process that can be controlled by an external agent should have the absolute minimum of ownership.
If all the web files are owned by you (except cache and uploads) this flaw won't allow the files to be overwritten. Now it may allow a file to be uploaded to an upload directory but because the directory is outside public it cannot be accessed.
sudo chown -R you:you /path/to/your/root/directory
sudo chown -R www-data /path/to/your/uploads
sudo chown -R www-data /path/to/your/cache
This also means you don't need to add yourself to the www-data group for ftp etc.
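An added check that is not part of the comment above: a small POSIX shell audit that walks a web root and lists every file or directory the web-server account could overwrite outside the directories it is supposed to own. It assumes the uploads and cache directories sit directly under the root (the comment's paths may differ) and takes the web-server user name as an argument, so it can be pointed at www-data on a real host or at your own user for a dry run.

```shell
#!/bin/sh
# Audit a web root for paths the web-server account could write to.
# Usage: audit_web_root ROOT WEBUSER [WEBGROUP]
#   ROOT     - document root to scan (assumed to contain uploads/ and cache/)
#   WEBUSER  - account the web server runs as, e.g. www-data
#   WEBGROUP - its group; defaults to WEBUSER's primary group
# Prints each offending path, one per line; empty output means the
# layout matches the "only uploads and cache are web-writable" rule.
audit_web_root() {
    root=$1
    user=$2
    group=${3:-$(id -gn "$user")}

    # Skip the directories www-data is allowed to write to, then report any
    # remaining file or directory that is writable by that account:
    # owned by it and owner-writable, in its group and group-writable,
    # or world-writable.
    find "$root" \( -path "$root/uploads" -o -path "$root/cache" \) -prune -o \
        \( -type f -o -type d \) \
        \( \( -user "$user" -perm -u=w \) \
           -o \( -group "$group" -perm -g=w \) \
           -o -perm -o=w \) \
        -print
}

# Run directly: ./audit.sh /var/www/site www-data
if [ "$#" -ge 2 ]; then
    audit_web_root "$@"
fi
```

Directories are included on purpose: a directory owned by www-data lets the server create new files there even if every existing file is owned by you, which is the same escalation the comment warns about.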