FTP security

FTP (port 21) is not considered a "secure" protocol. This means that incoming/outgoing data is unencrypted and in plain text. Because the data is unencrypted, an exceptionally sneaky person could eavesdrop on what you're sending.

For this reason, it's only recommended that you create an SFTP or Shell user and use port 22 when connecting.

SFTP is a network protocol designed to provide secure file transfer over the secure shell (SSH) protocol. SFTP is NOT just FTP run over SSH, but rather a new protocol. It is often called Secure FTP because it uses an encrypted transport layer.

To disable FTP access for a user:

1. Navigate to the FTP Users & Files page.

   

2. To the right of your username, click the vertical 3 dots button.
3. From the popout, click Deny insecure connections (FTP).

   The panel begins to update permissions for this user. When finished, a green checkmark displays.

   

When editing or adding a new domain and adding a new user during that process, it defaults to SFTP automatically and FTP is disallowed.

If you need FTP for some reason, you still have the option to allow insecure connections, but this is NOT RECOMMENDED. To allow insecure connections:

1. Navigate to the FTP Users & Files page.

   

2. To the right of your user, click the vertical 3 dots button.
3. From the popout, click Allow insecure connections (FTP).

   

4. Click Confirm Enabling FTP.

   The panel begins to update permissions for this user. When finished, a green checkmark displays.

   

5. Click the Login info button again to the right of the user.

   

   A messages displays notifying you that FTP is enabled:

If you have a VPS, you can completely disable FTP to further secure your server. Navigate to the VPS page. To the right of the server, click the Configure button.

Click the drop-down box to the right of 'FTP server' and select 'Inactive'. Finally, click Save ps123456's settings at the bottom to save.

When logging in to your account using SFTP you may notice some differences from what you would normally see when you logged in with a normal FTP user.

• You may notice that you can also access other directories above the /home directory. That's normal, as all users have some level of access to those directories. However, as a regular user you won't be able to view files that you don't have access to, nor are you able to harm the server.
• Hidden files/directories: On a Unix system, hidden files are those that begin with a period (.) in their name. As with FTP clients, SFTP clients usually have an option to "enable/disable viewing hidden files". If that is enabled, you'll be able to see these files/directories (if your user has permissions to do so). If you are having problems deleting a directory (assuming you have the correct permissions to delete) and it gives you an error saying "directory not empty", it may be that there are hidden files/directories in that directory that your client is not allowing you to see. Check your program options before going any further. If you do have the option enabled to view hidden files/directories and still cannot delete a directory, please contact support for assistance. Give support the server, user account, and full path to the directory you are trying to delete so they can investigate. View the How do I show hidden files? article for further information.