Confused by the difference between FTP vs SFTP? If you want to connect to your website’s server to transfer or manage files, the easiest solution is to use an FTP client. But when you’re configuring your FTP client, you might see that it supports both FTP and SFTP.
So, what’s the difference between FTP vs SFTP? And is it better to use one over the other?
Well, the short answer is that SFTP is a lot more secure than FTP, which is why we only offer SFTP here at Kinsta and recommend that all our users use SFTP.
For the longer answer, you can keep reading and we’ll take you through everything that you need to know about these two protocols and which one you should use.
FTP vs SFTP Explained
First, let’s talk about what’s the same between FTP vs SFTP.
Both protocols let you use an FTP client, like FileZilla, to connect to your website’s servers. To the end-user (you), there’s pretty much zero difference in experience between FTP and SFTP. With both protocols, you’ll be able to:
- Connect to your server
- Browse all of the files on your server (even the hidden ones)
- Upload files from your local computer to your server
- Download files from your server to your local computer
- And so on…
However, there are some key differences under the hood, which is why it’s important to understand the difference between FTP vs SFTP.
Let’s go through it in more detail.
What Is FTP?
FTP is short for File Transfer Protocol. Using the client/server model, FTP supports the direct transfer of files between your chosen FTP client and your web server.
FTP uses two separate channels to transfer information: a command channel and a data channel. By default, both of these channels are unencrypted, which means malicious actors could potentially eavesdrop on the information that you’re transferring.
What Is SFTP?
SFTP is short for SSH File Transfer Protocol, though it’s also commonly called Secure File Transfer Protocol.
SFTP offers the same basic function as FTP, but it uses tunneling and performs file transfers over SSH, which is different from FTP’s client-server and direct transfer approach.
So, what is SSH?
SSH, short for Secure Shell, is a cryptographic protocol that offers secure access to a machine (your server, in this case) over unsecured networks.
SFTP only uses a single channel and lets you authenticate your client using either a username/password or SSH cryptographic keys.
What’s the Difference Between FTP vs SFTP, Then?
The key difference between FTP vs SFTP is that SFTP uses a secure channel to transfer files while FTP doesn’t.
With SFTP, your connection is always secured and the data that moves between your FTP client and your web server is encrypted. This means that malicious actors can’t sit in the middle and intercept your data – everything you transfer is always encrypted.
With FTP, you need to authenticate with a username and password when you initially connect. However, the data that passes between your web server and FTP client isn’t encrypted, which means that a malicious actor could theoretically eavesdrop on that information.
This would be especially dangerous if you were transferring files with sensitive information. For example, with a WordPress site, you could be transferring the wp-config.php file, which includes your database credentials, along with other critical settings.
If a malicious actor got their hands on this file, they would have everything they need to take over your WordPress site.
That’s the big takeaway:
While both protocols let you transfer files between your client and server, SFTP is much more secure than FTP.
Should You Use FTP or SFTP?
As is probably clear by now, you should always use SFTP over FTP because SFTP offers a more secure way to connect to your server and transfer information.
Because SFTP is a more secure method, Kinsta only supports SFTP connections.
If you’re hosting your WordPress site at Kinsta, you can follow this guide to learn how to connect to your server via SFTP.
Save time, costs and maximize site performance with:
- Instant help from WordPress hosting experts, 24/7.
- Cloudflare Enterprise integration.
- Global audience reach with 34 data centers worldwide.
- Optimization with our built-in Application Performance Monitoring.
All of that and much more, in one plan with no long-term contracts, assisted migrations, and a 30-day-money-back-guarantee. Check out our plans or talk to sales to find the plan that’s right for you.