The best-known way to upload a website's files to a server is FTP. But saying "FTP" often means making the worst possible choice in terms of security. The right choice is almost always SFTP. This guide explains the difference between the two protocols and secure file transfer to a server.
Related reading: Connecting to a server with SSH · Linux file permissions · Server backup with rsync
What Is FTP?
FTP (File Transfer Protocol) is one of the internet's oldest protocols, used to transfer files between a computer and a server. It is functional — it uploads and downloads files. But it has a critical flaw: FTP sends data without encryption.
This means: when you connect with FTP, your username, password and all file contents travel over the network as plain text. Someone listening on the same network can read this information. That is why classic FTP is a protocol that should not be used on the modern web.
What Is SFTP?
SFTP (SSH File Transfer Protocol) does file transfer over the SSH protocol. If you can connect with SSH, you can use SFTP too without any extra setup — because SFTP is a part of SSH.
In SFTP, the entire connection — including credentials and file contents — is encrypted. It also supports authentication with an SSH key, which makes it more secure than password-based access.
Comparing FTP, FTPS and SFTP
| Protocol | Encryption | Recommendation |
|---|---|---|
| FTP | None — plain text | Do not use |
| FTPS | Yes — TLS added to FTP | Acceptable |
| SFTP | Yes — over SSH | Recommended |
Although their names are similar, FTPS and SFTP are different protocols: FTPS is old FTP with TLS encryption added; SFTP is entirely SSH-based. For most modern server environments, SFTP is the most practical and secure choice.
Clients for File Transfer
You need a client to transfer files with SFTP. For those who want a graphical interface, tools like FileZilla, WinSCP or Cyberduck are common — they ask for the server address, username and SSH key (or password) as connection details. For those who prefer the command line, the sftp command or, for one-off transfers, scp can be used.
# Connect with SFTP from the command line
sftp user@server_ip
# Upload a single file with scp
scp file.zip user@server_ip:/var/www/site/Frequently Asked Questions
Should FTP really never be used?
Unencrypted classic FTP should be avoided. If a host only offers FTP, at least check whether it supports FTPS (FTP with TLS). Where possible, choose a host that supports SSH/SFTP.
Can I create a separate user for SFTP?
Yes, and it is recommended. Creating a restricted SFTP user that can access only a specific directory prevents a file uploader from accessing the whole server. Our user management guide shows the way on this.
I uploaded a file but it does not appear on the site?
There are two common causes: the file was uploaded to the wrong directory, or the file permissions/ownership are wrong. Make sure the file is in the web server's root directory and has the correct permissions.
Manage your site comfortably with SSH/SFTP support and secure file management on KEYDAL hosting solutions. Explore KEYDAL hosting