FTP - the File Transfer Protocol - has been used to move files between computers since 1971. For context, that predates the modern internet. It was designed for a time when the network was small, trusted, and used almost exclusively by researchers. Security was not a consideration.
Fifty years later, FTP still works exactly the same way - including the part where it sends your username and password as plain, unencrypted text across the network. That is a problem.
What Is FTP and Why Is It Insecure
FTP opens two connections between your computer and your server: one for commands and one for data. Both are unencrypted. When you log in with your FTP client, your credentials travel across the network in a format anyone with a packet sniffer can read.
This matters most on untrusted networks - hotel Wi-Fi, coffee shop networks, shared office internet connections. On these networks, intercepting network traffic is trivial. Anyone doing so can capture your FTP credentials and then log into your hosting account with full access to your files.
Even on trusted networks, there is no good reason to transmit credentials in plain text when an encrypted alternative exists.
What Is SFTP
SFTP stands for SSH File Transfer Protocol. Despite the similar name, it is completely unrelated to FTP under the hood - it runs over SSH (Secure Shell) and encrypts everything: the connection, your credentials, and all file data.
This means:
- Your password cannot be intercepted in transit
- The file data you are uploading or downloading cannot be read by anyone monitoring the network
- You can optionally use SSH key authentication instead of a password, which is even more secure
SFTP uses port 22 (the SSH port) rather than the traditional FTP ports 20 and 21.
How to Connect via SFTP in FileZilla
FileZilla is the most popular free FTP/SFTP client. Here is how to set up an SFTP connection:
- Open FileZilla and go to File > Site Manager
- Click New Site and give it a name
- In the Protocol dropdown, select SFTP - SSH File Transfer Protocol
- Enter your server hostname in the Host field (your domain or server IP)
- Port: 22
- Logon Type: Normal
- Enter your cPanel username and password
- Click Connect
You will likely see a message saying the server's host key is unknown - this is normal on the first connection. Click OK/Trust to accept it and proceed.
How to Connect via SFTP in Cyberduck
Cyberduck is a popular alternative to FileZilla, especially on macOS:
- Click Open Connection
- From the dropdown at the top, select SFTP (SSH File Transfer Protocol)
- Enter your server hostname, username, and password
- Port: 22
- Click Connect
Enabling SFTP Access on cPanel Hosting
On most cPanel hosting accounts (including all dotCanada plans), SFTP access is available by default using your cPanel username and password. No special setup is required - simply connect using the SFTP protocol and port 22 with your cPanel credentials.
If you have created FTP sub-accounts in cPanel (under FTP Accounts), note that these sub-accounts typically have FTP access only. For SFTP, always use your primary cPanel username and password.
SSH Key Authentication (the More Secure Option)
Once you are comfortable with SFTP, consider setting up SSH key authentication. Instead of a password, you use a cryptographic key pair - a private key stored on your computer and a public key installed on the server.
In cPanel, go to Security > SSH Access to generate a key pair or upload a public key. Once set up, you can authenticate without a password - more secure and more convenient.
Stop Using Plain FTP
If you have FTP client software and you have been connecting without thinking about which protocol you are using, check now. Open your saved connections, look for the protocol setting, and change any FTP connections to SFTP.
It takes two minutes and closes a genuine security gap. There is no downside.
All dotCanada hosting accounts include SSH and SFTP access using your cPanel credentials. See our knowledge base for full connection instructions.
