# SFTP not FTP for File Management



FTP for server file management *IS NOT SAFE* because passwords and data are transmitted in clear text. The answer? SFTP. Have a briefing.

wpCop compared the dangerous web protocol FTP with its wiser sibling, SFTP, in our Web Protocols 101. The good news, for once, is how super-simple SFTP is to implement. So no excuses. 😉

THIS IS A PLACEHOLDER FOR CONTENT 3rd PARA FROM THE TOP

Let's protect those WordPress files.

THIS IS A PLACEHOLDER FOR CONTENT 5th PARA FROM THE TOP

For this tutorial you'll need to have created the authentication keys that we use also for SSH terminal login (and, later in wpCop, for WordPress Dashboard administration). So if you've not yet then follow the Cop's WordPress SSL Admin guide or, at least, the section to create your keyset, placing the public key on the server.

Jolly good, carry on.

SFTP from the command line

Linux and Mac users have an SFTP-enabled terminal. Very nice but GUI's (graphic user interfaces or the visible front-ends) are often more practical for file exploring and management and, besides, SFTP command line tutorials abound online and we have bigger fish to fry. Here's a reference, nonetheless:

SFTP using S/FTP clients

With an SFTP-capable FTP client, SFTP is easy to use once you have your SSL authentication keys in place. Just opt for SFTP and in the options, hook up the local private key that we created in WordPress Administration Using SSL.

For Macs, Cyberduck quacks happy by supporting SFTP, other protocols, and our keys. For Windows-based Tunneliers, again, there's a built-in SFTP option. If you really want to use another client then you can but be aware: some clients such as FileZilla will adapt your key and it will no longer be passphrase protected.

For the record, FileZilla is compatible with the PuTTY key manager, Pageant, so, if you do want to use FileZilla then use PuTTY tools rather than Tunnelier.

The terminal-SFTP option aside, once any of these SFTP clients point to your key, their practical usage is the same as using FTP or, for that matter, is akin to using a file explorer.

THIS IS A PLACEHOLDER FOR CONTENT IN THE MIDDLE

Connecting up an S/FTP client

Your private key may be found automatically by the SFTP client in which case just add a New Site in the regular way, specifying to use the SFTP protocol option. Because we're using the stronger keyset authentication method no password is required, making login a breeze.

If you cannot log in automatically then edit your client's SFTP settings to add the key. So hold on, where is it?

Oops, hidden content alert!

Please share for 24 hours nag-free! Thank U 🙂

Or subscribe for full content, support & no nags!

And that's it. Just as you would have done with FTP, now log in with SFTP, and be happy that your connection credentials are properly mashed up.

Hopefully by now you've realized just how important are secure web protocols to help defend WordPress, where possible swapping http for https Dashboard login and, in the process, making the switch from FTP to SFTP a very simple process (in practice if not in theory!) As we progress through wpCop we'll be taking full advantage of SSL and other protocols for a raft of WordPress tasks and this initial learning curve will continue to pay off.

The next logical step, though, is to give the WordPress database a hug, securing what are by default remarkably insecure tools: administrative control panels like phpMyAdmin, so click that link for some wholesome hints.

THIS IS A PLACEHOLDER FOR CONTENT NEAR THE BOTTOM
THIS IS A PLACEHOLDER FOR CONTENT AT THE BOTTOM
Subscribe to Comments

Add a Comment