diff --git a/tasks/suexec.yml b/tasks/suexec.yml
index 2674ba464be2ef80b816b7b5cad3cbcdae1344be..128b0748a6613477fa5d058e2d845327b1ca9fd0 100644
--- a/tasks/suexec.yml
+++ b/tasks/suexec.yml
@@ -2,12 +2,18 @@
 - name: Install and configure Apache suEXEC
   block:
 
-    - name: suEXEC present
+    - name: Apache suEXEC package present
       apt:
         pkg:
           - apache2-suexec-custom
         state: present
 
+    - name: Apache suEXEC config directory only readable by root
+      file:
+        path: /etc/apache2/suexec
+        state: directory
+        mode: 0700
+
   tags:
     - apache
 ...
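Review bot: The new `file` task for `path: /etc/apache2/suexec` sets only the mode, so the "only readable by root" promise in its name holds only if the directory is already owned by root; `0700` restricts access to whoever the owner happens to be. Pin ownership in the same task with `owner: root` and `group: root`. Also quote the mode as `mode: "0700"`, so the module receives a string instead of depending on the YAML parser's octal handling. Separately, confirm on a test host that suEXEC can still read its config files under this directory once it is restricted, since this hunk does not show how they are accessed.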