This post is part of a new series designed to help developers who are just starting out understand some basics and how they relate to WordPress. This post is about FTP including its cousin the secure version (SFTP), and will attempt to explain the difference between the two and why they matter if you’re developing a WordPress site.
What is FTP?
FTP stands for File Transfer Protocol and has been around since 1971. Yes, people actually used computers way back then, but not a large percentage of the population like today. It’s a standard network protocol and it’s used to transfer files from one host to another over a TCP based network like the internet. In case you ever play Jeopardy, TCP stands for Transmission Control Protocol.
FTP Client-Server Architecture
FTP was built on a client-server architecture and is still in use today. It uses separate control and data connections between the client (e.g. user or developer) and the server (e.g. host). In most cases, FTP users authenticate themselves using a username/password (although they can connect anonymously if the server allows it).
Securing FTP with TLS/SSL
To encrypt the content, FTP is often secured via SSL/TLS which we talked about in a previous article and it’s called FTPS in this case, which stands for File Transfer Protocol Secure. This is also referred to as FTP Secure, FTP-SSL, and FTP-ES. This is different from SFTP though, and we’ll get to that later after we have a good grasp on what FTP is.
To connect with FTP, users typically use a client. Back in the old days, these were command-line-driven, but nowadays, there are many that feature a nice, easy-to-use graphical interface. Most modern web browsers can even retrieve files hosted on FTP servers. The more common, and arguably better practice, is to use one of the popular FTP clients such as FileZilla, Cyberduck (my favorite), Transmit (OSX only), or WinSCP. There are many other good options and too many to mention.
Now, you might be saying to yourself… “I get what FTP is, what’s the deal with SFTP?” SFTP stands for SSH File Transfer Protocol. SSH stands for Secure Shell and is different from the SSL/TLS protocols which are used in FTPS. It’s also different from FTP over SSH, which is the process of tunneling FTP through an SSH connection.
So, we now know that SFTP is FTP secured via SSH protocol rather than SSL/TLS. Unlike FTP, it is more secure since it encrypts both commands and data, preventing passwords and sensitive info from being transmitted openly over a network connection. SFTP is also packed-based instead of text-based like FTP, which means it’s sending binaries rather than commands. By sending less actual data, it’s not only more secure but also faster than FTP. That’s an added bonus.
Because file transfers are performed in-line over the main control connection (as opposed to opening and using a separate one like FTP), this means there’s only one secure connection, protected by firewalls. SFTP is inherently secure and there is no version that isn’t secure, so this also differs from FTP that has both secure and non-secure versions. You also cannot turn off the encryption using AUTH commands like you can with FTP in some instances.
Finally, SFTP typically has better analytics. It’s able to deliver more data about the files such as permissions, date, time, size, and more. These are things not normally available via FTP, and that’s because the protocol is more robust for SFTP. Here at Pagely, we run everything fast and secure via SFTP, so just check to make sure your client supports it before trying to connect.
In conclusion, while FTP remains widely used, SFTP offers enhanced security, faster transfer speeds, and more robust analytics. By leveraging the SSH protocol, SFTP encrypts both commands and data, ensuring the confidentiality and integrity of your file transfers. If you’re developing a WordPress site, we encourage you to embrace the secure and efficient capabilities of SFTP.