FTP security - Gregg Hosting

The affects of Web Hosts on Your Business Website

Here're ways your choice of web hosting service provider impacts the performance of your business:


Website loading speed


Uptime and availability


Customer support




Server location

FTP security

FTP security


The FTP protocol (port 21) is not considered to be a “secure” protocol. This means that all incoming and outgoing data is in plain text and unencrypted. Because the data is not secured, a very cunning individual could listen in on what you’re communicating.

As a result, it’s only suggested that you create an SFTP or Shell account and connect using port 22.

Difference between FTP and SFTP
SFTP is a network protocol for transferring files securely using the secure shell (SSH) protocol. SFTP isn’t just FTP over SSH; it’s a completely new protocol. Because it uses an encrypted transport layer, it’s commonly referred to as Secure FTP.

Setting an existing FTP user to an SFTP user
To convert an existing FTP user to an SFTP user, follow these steps:

To get started, go to the FTP Users & Files page.
Users display data
To open the user’s settings box, click the Show Info down arrow next to your hostname.
2019-11 panel new manage users 04.fw.png
Select Edit Access Settings from the drop-down menu.
Set user to SFTP
Check the box next to Secure connection (FTP access disabled).
Wait about 5 minutes for the updated settings to update after clicking the Save Changes button. You can then use port 22 to connect to your server.
Adding a user to the FTP server
When you change or add a new domain and create a new user, SFTP is automatically selected as the default and FTP is disabled.

You can deselect the checkbox Secure connection (FTP access disabled) for the newly created user if you need FTP for some reason, however this is NOT RECOMMENDED. You can do so by clicking ‘Show Info’ and then the Edit Access Settings link on the FTP Users & Files page:

Make the user an FTP user.
Disabling FTP on a VPS server
If you have a VPS, you can turn off FTP completely to make your server even more secure. Go to the Virtual Private Servers website. Click the Configure button to the right of the server.

On a VPS, disable FTP.
Select ‘Inactive’ from the drop-down box to the right of ‘FTP server.’ Finally, at the bottom, click Save ps123456’s settings to save your changes.

Notes on using SFTP
When utilizing SFTP to log into your account, you may notice some variations from what you would see if you logged in as a regular FTP user.

You may see that there are more directories accessible above the /home directory. This is normal because all users have access to such directories to some extent. As a regular user, however, you will not be able to view files that you do not have permission to view, nor will you be able to harm the server.
Files/directories that aren’t visible: Hidden files on a Unix system are those whose names begin with a period (.). SFTP clients, like FTP clients, usually feature a “enable/disable viewing hidden files” option. You’ll be able to see these files/directories if that option is enabled (if your user has permissions to do so). If you’re having trouble removing a directory (assuming you have the right permissions), and you get an error message saying “directory not empty,” it’s possible that there are hidden files/directories in that directory that your client won’t let you view. Before you proceed any further, double-check your program selections. If you have the option to view hidden files/directories enabled and are still unable to delete a directory, please contact support. So that support can investigate, provide them the server, user account, and full path to the directory you’re trying to delete. For further details, see the article How do I show hidden files?