Secure File Transfer Protocol (SFTP) is a secure version of File Transfer Protocol (FTP), which sends data access and data transfer over a Secure Shell (SSH) connection. This term is also known as SSH File Transfer Protocol. Some WordPress plugins and other software request the use of SFTP.
Benefits of SFTP
Whenever a user opens up a regular ftp session, the entire transmission made between the host and the user is sent in plain text, which violates a number of key security fundamentals. When using SFTP, however, the entire login session -- including any files transferred during the session -- is completely encrypted.
Allowing SFTP by default on a shared webserver is a moderate security risk, since SFTP uses an SSH connection to function. In order to use an SSH connection, shell access must be given to a user account. Enabling SSH access globally on the server so SFTP works by default removes a layer of security for all clients on the server, since anyone may access SSH in a jailed session at any time.
However, there is an alternative to SFTP that we employ on Hostek.com shared servers which is much more secure in the terms of the above. This method is called TLS, and is enabled by default on all of our shared environments:
If you have an application that requires SFTP to function, however, please submit a ticket via https://support.hostek.com and mention this guide. We'd be glad to enable SSH for just your account. Once we confirm SSH is enabled, you may | click here to follow Hostek.com's guide and set up SFTP.
SFTP on a VPS Environment
Enabling SFTP on a private server is perfectly acceptable, as the risks described for a shared server do not apply. | For a guide to enable SFTP on your VPS, please click here.