FTP vs SFTP

This post is part of a new series designed to help developers who are just starting out understand some basics and how they relate to WordPress. This third post is about FTP including its cousin the secure version (SFTP), and will attempt to explain the difference between the two and why they matter if you’re developing a WordPress site.

FTP stands for File Transfer Protocol and has been around since 1971. Yes, people actually used computers way back then, but not a large percentage of the population like today. It’s a standard network protocol and it’s used to transfer files from one host to another over a TCP based network like the internet. TCP stands for Transmission Control Protocol in case you ever play Jeopardy.

FTP was built on a client-server architecture and still is in use today. It uses separate control and data connections between the client (e.g. user or developer) and the server (e.g. host). FTP users authenticate themselves using a username/password in most cases (although they can connect anonymously if server allows it).

To make things secure and encrypt the content, FTP is often secured via SSL/TLS which we talked about in a previous article and it’s called FTPS in this case, which stands for File Transfer Protocol Secure. This is also referred to as FTP Secure, FTP-SSL, and FTP-ES. This is different than SFTP though. We’ll get to that later after we have a good grasp on what FTP is.

To connect with FTP users typically use a client. Back in the old days these were command-line driven but nowadays there are many that feature a nice easy to use graphical interface. Many modern web browsers can even retrieve files hosted on FTP servers, although they may not support FTPS. You can even run a full-featured FTP client inside of Firefox using an extension called FireFTP. The more common and arguably better practice is to use one of the popular FTP clients such as FileZilla, Cyberduck (my favorite), Transmit (OSX only), or WinSCP. There are many other good options and too many to mention.

Now you might be saying to yourself… “I get what FTP is, what’s SFTP and why did Pagely® switch to it?” SFTP stands for SSH File Transfer Protocol. SSH stands for Secure Shell and is different than the SSL/TLS protocols which are used in FTPS discussed above. It is also different from FTP over SSH, which is the process of tunneling FTP through an SSH connection. Yes, it’s confusing, and you may need to read this article a couple times to get it straight as all the terminology is very similar.

So we know it’s FTP secured via the SSH protocol rather than SSL/TLS. That means it’s technologically different in the way it works, and just knowing that helps keep from confusing things. Unlike FTP, it is more secure in that it encrypts both commands and data, preventing passwords and sensitive info from being transmitted openly over a network connection. SFTP is also packed-based instead of text-based like FTP. That means it’s sending binaries rather than commands. By sending less actual data, it is not only more secure but also faster than FTP. That’s an added bonus.

Like this content? Meet Pagely.

Because file transfers are performed in-line over the main control connection (as opposed to opening and using a separate one like FTP), this means there’s only a single secure connection protected by firewalls. SFTP is inherently secure and there is no version that isn’t secure, so this also differs from FTP that has both secure and non-secure versions. You cannot turn off the encryption using AUTH commands like you can with FTP in some instances.

Finally, SFTP typically has better analytics. It’s able to deliver more data about the files such as permissions, date, time, size, and more. These are things not normally available via FTP, and that’s because the protocol is more robust for SFTP. Here at Pagely® we run everything via the more secure and faster SFTP, so just check to make sure your client supports it before trying to connect.

0 Comments