To understand SFTP, we first need to define FTP. File Transfer Protocol FTP) is the standard way to transfer files from your computer to another computer through a client-server connection, for example the internet. While it sounds simple enough, the drawback is that transferring files via a FTP protocol is not encrypted, meaning security is not guaranteed. This is where Secure File Transfer Protocol (SFTP) comes into play. An extension of Secure Shell Protocol (SSH), SFTP adds a layer of encryption to your files so they are secure on the interim stages of transfer. SFTP also authenticates both the user and the server and uses port 22 by default to establish a secure connection.
How does it work?
With both FTP and SFTP, you’ll need a client such as FileZilla in order to connect to your website’s servers. Once you’ve downloaded your client, you’ll need to enter the following credentials to connect: IP address or hostname, username, password, or alternatively certificates, and port. Once you are connected to your site, you can upload files to your website, and if you opted for SFTP, it will be with the extra layer of encryption. However, keep in mind that uploading many small files via FTP is very slow. In this case it would make more sense to upload them as a zip and then extract it on a server.
With both FTP and SFTP you can browse all files on your server, upload files from your local computer to your server, and download files from your server to your local computer. Of course, for an added level of security, access is only made available through permissions. FTP providers will provide two layers of folder access permissions: read and write. Read only allows files to be downloaded, while write allows files to be uploaded and deleted.
Difference between FTP, File Manager, and uploading from WordPress
While FTP and File Manager can lead to the same goals, they are not the same tools. In the case of FTP, it is the process of transferring files between computers. In order to use it, you would need to download and install an external client application. File Manager, on the other hand, is a tool that comes with your web hosting control panel interface and is accessible as long as you are connected to your hosting account. Alternatively, there are also File Manager plugins that allow you to perform file management tasks from the WordPress dashboard, rather than logging into your web hosting control interface.
When using the admin area of WordPress, you may also be able to upload files, meaning you can transfer files to your site without FTP. However, if there is an issue with your WordPress site, you can still use FTP to upload files, plugins, or themes manually, as you work to fix the WordPress issues. On the other hand, if there is an error in WordPress proper, you can’t use its file manager plugins or WP uploader.
File Manager and WordPress uploads can still use FTP “under the hood”, so to speak. A web interface would need to be added in this case.
When to use SFTP?
If FTP is the standard for data transfer in general, SFTP is the standard for secure data transfer. It’s understandably used across all industries and enterprises, as well as by just regular users who care about data encryption. While you should always be cautious about uploading sensitive data like passwords, payrolls, credit card info, users’ personal information, etc., to a server, if you have to, it should always be transferred using SFTP. Just as you would need https for a website that will receive sensitive data. And make sure the right permissions are set where you upload files to. Even when it’s regular data and a very trustworthy server, taking precautions for security is always worth it.