To restrict access to files and folders, any decent filesystem supports the concept of filesystem permissions. The most basic form is the traditional Unix permissions (and that's what you most likely have to deal with on your webserver). Basically, each file and folder has three attributes:
For CMSimple_XH no file has to be executable, but most folders have to be (for folders, executable means that the content of the folder may be accessed). The numbers in parentheses are the values of the respective attributes. Just add these to get the resulting permissions. E.g.:
Furthermore, every file and folder has an owner and belongs to a group. The permissions can be set individually for the owner, the group (i.e. all users that are members of the group) and for everybody. So the permissions for a file are expressed as three digits, e.g. 640 means the file owner may read and write the file, any member of the file group may read the file, and all other users may not even read it.
That might sound very complicated, but in practice it's quite simple, as it only matters whether a file/folder is writable or not:
And it's important which user accesses the file: the owner or somebody else. This depends on how PHP is executed by the webserver. If it is running as (F)CGI, the user is typically the owner of the file, otherwise not. You can look up how it's handled on your server in the PHP info under “Server API”.
If the user is the owner of the file, it's sufficient to set any write permissions only for the owner:
Otherwise you should set write permissions for everybody:
If in doubt – try it out!
This can be done with any decent FTP client. How it works exactly depends on the FTP client, so you should look that up in its documentation. For FileZilla there's a short video tutorial on YouTube.
Of course you can give full permissions to all files and folders (i.e. 777), and CMSimple_XH will work well. But that sacrifices security, as somebody might be able to modify a file that shouldn't be modified. So for maximum security set only the necessary permissions, i.e. write-protect all files and folders except those that need write permissions. Which files and folders need write permissions is explained in installation.
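If you have shell access to the server, a check like the following lists everything that is looser than it needs to be. It is an added example, not part of CMSimple_XH; the function names and the paths in needs_write are assumptions that you replace with the files and folders named in the installation instructions.

```python
import os
import stat

def describe(mode):
    """Decode a three-digit octal mode, e.g. 0o640 -> 'rw-r-----'."""
    out = ""
    for shift in (6, 3, 0):               # owner, group, everybody
        digit = (mode >> shift) & 0o7
        out += "r" if digit & 4 else "-"  # read = 4
        out += "w" if digit & 2 else "-"  # write = 2
        out += "x" if digit & 1 else "-"  # execute = 1
    return out

def audit(root, needs_write=()):
    """Return (relative path, permissions, reason) for entries looser than needed.

    needs_write: relative paths that are allowed to be writable by everybody
    (assumption: taken from the installation instructions of your version).
    """
    findings = []
    for folder, dirs, files in os.walk(root):
        for name in dirs + files:
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue                  # symlink modes carry no meaning
            mode = stat.S_IMODE(st.st_mode)
            # Write bit for "everybody" on something that does not need it
            if mode & 0o002 and rel not in needs_write:
                findings.append((rel, describe(mode), "writable by everybody"))
            # No file has to be executable; folders do, so they are skipped
            if stat.S_ISREG(st.st_mode) and mode & 0o111:
                findings.append((rel, describe(mode), "file is executable"))
    return sorted(findings)

if __name__ == "__main__":
    import sys
    for rel, perms, reason in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{perms}  {rel}: {reason}")
```

Run it with the installation folder as the only argument; an empty result means nothing is writable by everybody and no file is executable.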