When you first install WordPress or upload any files using an FTP Client, such as FileZilla, it's more secure to connect via SFTP.
Why upload WordPress files using SFTP?
The majority of FTP Client users connect to their server via FTP. Unfortunately, this method sends your files in plain text.
This poses a security risk. SFTP removes that concern: it encrypts both commands and data, which prevents passwords and other sensitive information from being transmitted over the network in the clear.
For example, when you upload your wp-config.php file it contains your database name, username, password, host and table prefix. That's information I certainly don't want to share and I'm sure you don't either.
Instead, connect to your server via SFTP – SSH File Transfer Protocol. Using SFTP encrypts your data (it looks like a bunch of gobbledygook) during the upload process, making it much more secure. For more information on SFTP and encryption, click here.
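To make the difference concrete, here is an added example (not part of the original post): a small Python check that reads an FTP control-channel capture and reports what an on-path observer could see with plain FTP, with FTPES (the `AUTH TLS` upgrade mentioned further down), and when a server refuses TLS and the client falls back. The captures, the `C:`/`S:` line format, the user name and the function name are all constructed for illustration.

```python
import re

# Constructed captures of the FTP control channel ("C:" client, "S:" server).
PLAIN_FTP = """S: 220 FTP server ready
C: USER blogadmin
S: 331 Password required
C: PASS example-password
S: 230 Login successful
C: STOR wp-config.php
S: 226 Transfer complete"""

# FTPES: after the 234 reply everything is inside TLS and unreadable on the wire.
FTPES = """S: 220 FTP server ready
C: AUTH TLS
S: 234 Proceed with negotiation"""

# Server refuses TLS and the client silently falls back to a cleartext login.
TLS_REFUSED = """S: 220 FTP server ready
C: AUTH TLS
S: 502 Command not implemented
C: USER blogadmin
S: 331 Password required
C: PASS example-password
S: 230 Login successful"""

def audit_ftp_session(capture):
    """Report what an on-path observer could read from one control channel."""
    awaiting_auth_reply = encrypted = False
    cleartext_login, files_in_clear = False, []
    for line in capture.splitlines():
        m = re.match(r"([CS]): (\S+)(?: (.*))?$", line.strip())
        if not m:
            continue
        side, word, arg = m.group(1), m.group(2).upper(), m.group(3) or ""
        if side == "S" and awaiting_auth_reply:
            awaiting_auth_reply = False
            if word == "234":          # TLS accepted: nothing further is visible
                encrypted = True
                break
        elif side == "C" and word == "AUTH" and arg.upper() in ("TLS", "SSL"):
            awaiting_auth_reply = True
        elif side == "C" and word == "PASS":
            cleartext_login = True     # flag only; the value is never stored
        elif side == "C" and word in ("STOR", "RETR"):
            files_in_clear.append(arg) # file name visible, and so is its content
    return {"encrypted": encrypted, "cleartext_login": cleartext_login,
            "files_in_clear": files_in_clear}

if __name__ == "__main__":
    for name in ("PLAIN_FTP", "FTPES", "TLS_REFUSED"):
        print(name, audit_ftp_session(globals()[name]))
```

SFTP is a different protocol that runs entirely inside SSH, so none of these commands ever appear on the wire; the refused-TLS case shows why a client set to require encryption is safer than one that only prefers it.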
How to upload WordPress files via SFTP using FileZilla
- Download and install FileZilla.
- Open FileZilla (Start > All Programs > FileZilla).
- From the File menu, click on “Site Manager” (top left corner of program).
- Click the “New Site” button (bottom left of Site Manager window).
- Give your site a name so it displays on the left.
- On the right, fill in your “Host” (generally your URL or site's IP address without any http://www. For example: wpsecuritylock.com).
- Enter in the “Port” number that your hosting provider uses to connect via SFTP. Generally 22. (HostGator uses 2222).
- Click the dropdown next to “Server Type” and choose SFTP (second option down).
- Change the dropdown next to “Logon Type” to “Normal.”
- Enter in your User name.
- Enter in your Password.
- Click the “Connect” Button.
- After the server connects the first time, you will see a popup with the SSL certificate for the server. Click “Yes” to accept.
- If you successfully entered in your information, you will be connected via SFTP. You can verify this by looking at the top left corner above “File” and see your site name – sftp://yourhost:22.
Here's a sample screen shot connecting to SFTP with FileZilla:
If you are unable to connect with SFTP, contact your hosting company to see if SFTP is enabled on your web server and that you have the right port number.
Caution: If your hosting company says you need to enable SSH on your server it may erase all your site content or database. Ask your hosting provider specifically if this will happen before you enable it. Or if your hosting provider doesn't offer it, that's a red flag. MOVE HOSTS!
If you're on GoDaddy and it doesn't work, try Server Type “FTPES – FTP over explicit TLS/SSL” and try port 21. If you're on their Northland server it should work. FTPES also encrypts your data so it's the next best thing.
You can also read GoDaddy's article here on other ways to test it.
As they say, the best defense is a good offense. So take your WordPress security seriously and do what YOU can to make your blog a safer place for your visitors and yourself.
And if you'd like me to help, click here!
Leave your feedback
When you upload files to your WordPress blog, do you use SFTP? What FTP program do you use or like the best (FileZilla, FireFTP, CoreFTP, etc.)?