FTP stands for File Transfer Protocol, and it is simply a way to transfer files to and from a server on the Internet. It has become a standard way for website developers and site administrators to manage their sites.
A website is mostly files, and since FTP provides a great way to manage files, it’s perfect for managing websites.
sFTP, FTPS and plain FTP
Your website security depends on you not just securing itself, but all other access methods to your website. FTP is used to transfer files to and from your site and needs to be secure too.
FTP was originally a plain-text protocol. That means that it sent your username and password as plain unencrypted text across the network. This is a very bad idea because if anyone is listening in, for example on the WiFi at the coffee shop you’re visiting, they can grab your website username and password and gain access to your site.
If a hacker gains access to your FTP credentials, they can do a lot more damage than simply getting access to a lower privileged website account. They effectively have access to your entire website, even the files and directories outside your website installation. For this reason it is important to protect your FTP credentials.
sFTP is an improvement on FTP because it sends your username and password across the network encrypted. It uses a secure encryption protocol that works via the SSH (or secure shell) service. An alternative protocol exists called FTPS which is also secure. It works a little differently to sFTP because it uses TLS for encryption and works via an FTP server rather than via SSH. Both sFTP and FTPS are secure.
Securing Your Files Transferred with FTP
As part of your day-to-day operations with FTP, you will probably download a copy of some or all of the files on your website. These files contain sensitive information and in some cases contain usernames and passwords. The wp-config.php file, for example, contains the username and password for your database server.
For this reason it is important that you treat the security of your website files as seriously as the security of your website itself. These files include ZIP files that may contain backups of your site or the individual files themselves. If you store these files on your workstation, make sure you don’t lose your workstation or laptop. You should consider encrypting your hard drive or at the very least password protecting access to your workstation.
Don’t leave website files lying around on thumb drives or on portable drives that are insecure. Be careful where you store your website files online. Make sure you know who has access to the storage devices and services you use and don’t store unnecessary copies of your site.
We are Freelance Web Designer, driven to get your company better results online. You get strategy, design, development & marketing all under one roof.