How to Secure Your Web Hosted FTP - dummies

How to Secure Your Web Hosted FTP

By Peter Pollock

You will need to secure your web hosted ftp. You can make your FTP uploads and downloads more secure in one of two ways: through Secure File Transfer Protocol (SFTP) or Transport Layer Security (TLS).

Web hosted SFTP

SFTP is a more secure way of uploading and downloading files than FTP. When you use FTP, data is sent unencrypted, so someone who intercepts the data can easily read it. SFTP encrypts the commands and the data to provide a much more secure form of transport.

To use SFTP (also known as secure FTP or SSH file transfer protocol), your host has to have configured the server to be able to accept a secure connection from you. Most shared hosts do not allow this because giving clients SSH access opens doors for clients to get into areas of the server that the host does not want them messing with.

The FTP and SFTP protocols work quite differently, and your host needs to have opened a specific port and allowed you SSH login permission to be able to connect with SFTP. If you do have SFTP access, the following steps show how to make a connection using FileZilla. Other clients may differ slightly in layout but require that you enter the same information:

  1. In your FTP client, select File→Site Manager and create a new site.

  2. Select the Protocol drop-down box and click SFTP.

    The Site Manager dialog box opens.


  3. Enter the Host name, Username, and Password, which are normally the same as you would use with FTP.

  4. Enter the correct setting in the Port field.

  5. Click Connect and your client attempts to negotiate a secure connection.

    If the client cannot connect, check with your host to confirm whether it allows SFTP connections.

Web hosted TLS

TLS offers a similar level of security to SFTP but is favored more highly by hosts because it does not require that the client have SSH access to the server.

The following steps describe how to connect using TLS and FileZilla:

  1. Choose File→Site Manager and create a new site or select an existing one.

  2. Enter your FTP details as normal.

  3. Click in the Encryption drop-down box and select either Explicit TLS or Implicit TLS.


  4. Connect as normal.