FTP & SFTP Guide: Transfer Files Securely and Manage Accounts

If you regularly upload files for your website, transfer larger amounts of data, or work locally on a web project, an FTP or SFTP client is often a better choice than the cPanel File Manager. While the File Manager is ideal for quick individual actions in the browser, programs like WinSCP, Cyberduck, or comparable clients offer more convenience, stability, and clarity during extensive file transfers.

With FTP, FTPS, or SFTP, you can transfer files between your computer and your web hosting account. This includes, for example, HTML files, PHP files, images, CSS files, JavaScript files, downloads, WordPress files, or entire project folders.

Secure file transfer is particularly important for professional websites. Incorrectly set access rights, unencrypted connections, or overly broad permissions can pose a security risk. This article explains the types of connections available, how to manage FTP accounts in cPanel, and what to look out for to ensure secure working practices.

Briefly explained:
FTP is a classic protocol for file transfer. FTPS is FTP with TLS encryption. SFTP is a distinct file transfer protocol over SSH. Although the names sound similar, FTP/FTPS and SFTP are technically different methods.

FTP, FTPS, and SFTP: What is the Difference?

The terms are often mixed up in everyday language, but technically they are not identical. This distinction is crucial for a secure connection.

FTP
Classic file transfer. Depending on the configuration, login credentials and contents may be transmitted unencrypted. For production websites, FTP without encryption should be avoided whenever possible.
FTPS
FTP with TLS/SSL encryption. Many FTP clients refer to this as "Explicit FTP over TLS" or "FTPES". This is often the secure option for standard FTP accounts.
SFTP
Secure file transfer over SSH. SFTP is not the same as FTP over TLS. Whether SFTP is available depends on SSH access and your specific hosting configuration.

When you create a standard FTP account in cPanel, you typically use this account for FTP or FTPS. For SFTP, SSH-enabled access is usually required. Depending on your hosting package and server configuration, this may be the primary cPanel account or a specially activated SSH/SFTP login.

Important Note:
If a connection with SFTP does not work even though FTP or FTPS works, it is often because SFTP runs over SSH and requires corresponding SSH access. In this case, please use FTPS or contact support.

When Should You Use FTP or SFTP Instead of the File Manager?

The cPanel File Manager is very practical for individual files, small corrections, or unpacking a ZIP archive. However, for larger tasks, an FTP client is often more efficient.

FTP, FTPS, or SFTP is particularly suitable for:

  • uploading many files or entire folder structures
  • regular work on website projects
  • downloading a local backup copy
  • transferring images, downloads, or media files
  • working with HTML, CSS, JavaScript, or PHP projects
  • collaborating with web designers or developers
  • working more comfortably with local editors and project folders

For single small changes, the File Manager may suffice. For professional project work, a file transfer program usually provides a better overview.

Creating a New FTP Account in cPanel

A separate FTP account is useful if you want to give a web designer, an agency, an employee, or an external service provider access to specific website files without sharing your main cPanel login credentials.

The most important security benefit is that you can limit access to a specific directory. This ensures the user only gets access to the area they actually need.

Step-by-Step Instructions

  1. Log in to cPanel.
  2. In the Files section, open the FTP Accounts feature.
  3. Enter a username for the new FTP account.
  4. Choose a strong password or use the password generator.
  5. Specify the desired directory.
  6. Check carefully whether the user should really have access to this folder.
  7. Set a storage limit if necessary.
  8. Click on Create FTP Account.
Example:
If you enter public_html/project as the directory, this FTP account can only work within this project folder. It will not have access to the entire hosting account.

Choosing the Right Directory for an FTP Account

The directory assignment is one of the most important aspects when creating an FTP account. It determines which area the user can see and edit.

Directory Meaning
public_html Access to the main web directory of the primary website. Only assign this if access is genuinely required.
public_html/project Access only to a specific project folder within the website.
public_html/wp-content/uploads Access to upload files of a WordPress website, for example, for media files.
/ or empty main path Very extensive access. Only suitable for trusted administrators.

Always grant access based on the principle of least privilege. A user should only be able to access the folder they need for their specific task.

Understanding FTP Login Credentials

To connect with an FTP client, you usually need the following information:

  • Server/Host: for example, your domain or a server name
  • Username: the full FTP username from cPanel
  • Password: the password set during creation
  • Port: depending on the protocol, often 21 for FTP/FTPS or 22 for SFTP
  • Protocol: FTP, FTPS, or SFTP

Make sure to use the full username. In cPanel, depending on the configuration, this often consists of a name combined with the domain, for example, in the format user@example.ch.

Recommended FTP and SFTP Programs

To connect, you need a file transfer program on your computer. The following programs are widely used and suitable for many use cases.

Program System Key Feature
WinSCP Windows Very stable, powerful, and particularly popular for SFTP and FTPS.
Cyberduck Windows / macOS Easy to use, clear interface, supports various protocols.
FileZilla Windows / macOS / Linux Widely used FTP client with support for FTP, FTPS, and SFTP.
Transmit macOS Professional client for macOS with smooth and convenient usability.
CloudMounter Windows / macOS Can mount remote storage as a local drive, which is practical depending on your workflow.

Which client is best suited depends on your operating system and your way of working. For Windows, WinSCP is highly recommended. For macOS, Cyberduck or Transmit are popular choices.

Establishing a Connection with WinSCP

WinSCP is a very popular program for secure file transfers, especially among Windows users. Here is how to set up a connection:

  1. Open WinSCP.
  2. Select SFTP or FTP with encryption as the transfer protocol, depending on your access type.
  3. Enter the host name, for example, your domain or the server name.
  4. Enter the username and password.
  5. Check the port: often 22 for SFTP or 21 for FTP/FTPS.
  6. Click on Login.
  7. When connecting via SFTP for the first time, only confirm the server key if you are sure you are connecting to the correct server.

After a successful connection, you will typically see your local files on the left and the files on the server on the right. You can transfer files via drag and drop.

Establishing a Connection with Cyberduck

Cyberduck is available for Windows and macOS and is well-suited for users who prefer a straightforward interface.

  1. Open Cyberduck.
  2. Click on New Connection.
  3. Select the appropriate protocol: FTP-SSL, FTP, or SFTP.
  4. Enter the server, username, and password.
  5. Check the port corresponding to the chosen protocol.
  6. Click on Connect.

The same applies here: use an encrypted connection whenever possible. If SFTP is not available, FTPS is in most cases the appropriate alternative for standard FTP accounts.

Primary Account, Additional FTP Accounts, and Anonymous FTP

Different types of access can be relevant in cPanel. For security reasons, it is important to distinguish between them.

  • Primary Account: Corresponds to the main login of your cPanel account. This access typically has very extensive permissions over the home directory. Do not share these credentials with external parties.
  • Additional FTP Accounts: Created in cPanel and can be restricted to specific directories. They are well-suited for service providers or project-based access.
  • SFTP Access: Runs over SSH and depends on the SSH permissions of the respective account. Not every standard FTP account is automatically an SFTP account.
  • Anonymous FTP: Allows access without personal login credentials. For security reasons, anonymous FTP should generally remain disabled.
Security Recommendation:
Never share your main cPanel login credentials with external parties if a restricted FTP account is sufficient. Instead, create a separate account with access limited only to the required folder.

Deleting an FTP Account: Be Careful with Files and Folders

When an FTP access is no longer needed, you should remove it. This is especially important when an external service provider should no longer have access or when a project is completed.

When deleting an FTP account, cPanel may offer different options depending on the interface. An option like Delete Account and Files is particularly critical.

Caution when deleting!

If you only want to remove the FTP access, do not accidentally delete the associated folder contents. Only activate an option like Delete Account and Files if you are absolutely sure that the files in this directory should also be removed.

In most cases, you only want to remove the access, not delete the website files.

Security: How to Protect Your FTP and SFTP Accounts

FTP accounts allow direct access to your website's files. Therefore, they should be managed with care.

  • Use strong, unique passwords.
  • Use encrypted connections like FTPS or SFTP whenever possible.
  • Create separate accounts for individual people or projects.
  • Restrict each account to the folder that is genuinely required.
  • Delete accounts that are no longer needed in a timely manner.
  • Do not store passwords unprotected in text files or emails.
  • Check before uploading whether you are working in the correct target folder.
  • Do not overwrite files without creating a backup beforehand.

Typical Connection Problems and Solutions

If the connection via FTP, FTPS, or SFTP fails, the cause is often incorrect login credentials, the wrong protocol, or blocked connections.

Problem Possible Cause Solution
Login failed Incorrect username or password. Check your login credentials, reset the password, and ensure you use the full username.
SFTP does not connect No SSH/SFTP access active for this account. Try FTPS or contact support.
Connection drops Network issue, firewall, wrong mode, or unstable connection. Activate passive FTP mode, test a different network, or use FTPS/SFTP.
Files are not visible on the website Uploaded to the wrong directory. Check if the files are located in the correct web directory, such as public_html.
Access denied The FTP account is restricted to a different directory or permissions do not match. Check directory assignment and file permissions.

Passive FTP Mode: When is it Important?

Many FTP connection problems are related to firewalls, routers, or network settings. In such cases, enabling passive mode in the FTP client can help. Most modern FTP clients already use it by default or offer it in the connection settings.

If an FTP connection is established but the directory listing fails to load, you should check whether passive mode is activated in your FTP client.

Best Practices for Secure File Transfer

  1. Use encrypted connections whenever possible.
  2. Work with separate FTP accounts instead of the main cPanel account.
  3. Restrict external access to individual project folders.
  4. Create a backup before major uploads or overwriting files.
  5. If you are unsure, transfer files to a test folder first.
  6. Check the website in your browser after making uploads.
  7. Delete FTP accounts that are no longer required.
  8. Change passwords if access is no longer needed or if abuse is suspected.

FAQ on FTP, FTPS, and SFTP

Is SFTP the same as FTP?

No. SFTP is a separate protocol for file transfers over SSH. In contrast, FTP and FTPS are based on the classic FTP protocol. The names sound similar but they are technically distinct.

Can I use any cPanel FTP account for SFTP as well?

Not automatically. SFTP requires SSH access. Standard FTP accounts are usually intended for FTP or FTPS. Whether SFTP is available depends on your hosting and server configuration.

Which port should I use?

Port 21 is commonly used for FTP and FTPS. Port 22 is commonly used for SFTP. The actual details may vary depending on the server configuration.

Why don't I see all files after logging in?

The FTP account may be restricted to a specific directory. This is done intentionally for security reasons. If you require more access, the FTP account must be adjusted accordingly or a different login must be used.

Should I enable anonymous FTP?

In most cases, no. Anonymous FTP can pose a security risk and should only be used in very specific, intentionally planned scenarios. For standard websites, it should remain disabled.

Which is better: File Manager or FTP client?

The cPanel File Manager is very convenient for small individual actions. For many files, regular uploads, local project work, or larger data volumes, an FTP or SFTP client is usually more practical.

Summary:
FTP, FTPS, and SFTP allow you to transfer files between your computer and your web hosting account. For secure connections, you should avoid unencrypted FTP whenever possible and use FTPS or, if available, SFTP instead. Create separate FTP accounts for external individuals, restrict access to the required folders, and promptly delete accounts that are no longer needed.
Need help with FTP, FTPS, or SFTP?

If the connection is not working, you are unsure about the correct protocol, or you want to set up access for an agency, the CURIAWEB support team will be happy to assist you.

Create Support Ticket
Was this answer helpful? 1 Users Found This Useful (1 Votes)

Most Popular Articles

.htaccess Guide: Hidden settings, redirects, and security

.htaccess Guide: Hidden Settings, Redirects, and Security The .htaccess file is a local...
Images

Edit Images Directly in cPanel: Thumbnails, Scaling, and Conversion Images are among the most...
File Manager Guide: Manage website files directly in your browser

File Manager Guide: Managing Website Files Directly in Your Browser The cPanel File Manager is...
File and Directory Restoration

Restore Files and Folders: How to Use the cPanel Backup Restore It can happen quickly: an...
Git Version Control: Hosting and managing repositories in cPanel

Git Version Control: Hosting and Managing Repositories in cPanel With Git Version Control in...