Last updated on April 26th, 2022
developmentmigrationsftpWPCore
When hosting your WordPress site on WP Engine, you may need to connect directly to your website’s filesystem. On other platforms you may already be used to using FTP. At WP Engine we use SFTP which works the same, except it uses a layer of encryption for security and is restricted to a secured port.
Most commonly you’ll need SFTP access when migrating your site, performing a partial restore, or while editing/accessing a specific file (such as the wp-config.php file).
Contents hide
1SFTP Clients
2Add SFTP User
3Edit SFTP User
4Connect to SFTP
5SFTP Tips
6Common Issues
7Update SFTP Host Keys
7.1Update Host Key
7.2Delete All Host Keys
7.3Update known_hosts File
8Limitations
SFTP Clients
Before you can connect to your site’s file system, you’ll need access to a compatible client. While we don’t restrict the programs you can use, but a program may not be compatible. We recommend one of the following clients:
- FileZilla – Works on all operating systems
- Visual Studio Code – Free visual code editor, compatible with Mac and PC. Make sure you install the SFTP extension.
- Notepad ++ – Works on PC only but has also has a great live edit mode
While you are free to use the SFTP client of your choice, your SFTP client will need to use one of the following supported ciphers:
- aes192-ctr
- aes256-ctr
We do not support SFTP ciphers: SHA1, aes128-ctr, CBC, RC4, 3DES, MD5, and RIPEMD for security reasons. If your SFTP client uses one of these ciphers, it will not work properly with our platform.
NOTE
Before connecting, always ensure your client is updated, as this is a common cause of connection issues.
Add SFTP User
Along with an SFTP client you will need SFTP credentials. These are not your wp-admin or User Portal credentials. Each set of SFTP credentials will only work for one environment.
- Log in to the User Portal
- Select the environment you wish to connect to
- Click SFTP Users
- Click Add SFTP User
- Fill out the following required fields:
- Username — Your environment name will be appended to this automatically after saving:
- EX:
environmentname-username
- EX:
- Password — You can securely generate a random password by clicking the lock icon, or set a password with the following requirements:
- At least 8 characters
- Uppercase and lowercase letters
- Include numbers and special characters
- Once the password has been set it cannot be viewed again. If you lose the password, you will have to set a new one. Be sure to copy or write the password down before saving.
- Path (Optional) — A specific directory to connect to. Defaults to the root if left blank.
- Must be a relative path, starting with a forward slash.
- Do not include HTTP/HTTPS, or your domain.
- Any subdirectory below the path defined can also be accessed. Any directory above the path defined cannot be accessed.
- To restrict a theme developer to all theme directories:
/wp-content/themes/ - To restrict a vendor to media uploads from April 2019:
/wp-content/uploads/2019/04/
- Environment —
- Production, Staging, or Development: Refers to the active environment.
- Username — Your environment name will be appended to this automatically after saving:
- Click Add SFTP User
Edit SFTP User
To edit an existing SFTP user:
- Log in to the User Portal
- Select the environment you wish to connect to
- Click SFTP Users
- Click on an existing username
- Fill in a new password with the following requirements OR hit the lock icon to generate a secure password automatically
- At least 8 characters
- Uppercase and lowercase letters
- Include numbers special characters
- Click Update User
Connect to SFTP
After adding an SFTP user, take note of the SFTP Address and Port Number in your User Portal. The SFTP address is different for every environment.
In this example we’ll be using FileZilla, but the fields should be similar in any client. Fill out the following fields then hit Connect.
Host — SFTP Address
- When using Quick Connect in FileZilla you will need to specify sftp protocol by also adding
sftp://before the hostname. - EX:
sftp://environment.sftp.wpengine.com
Username — Username set in the User Portal. Your unique environment name is appended and hyphenated automatically.
- Ex:
environment-someuser
Password — Password exactly as set previously.
- Pay attention to capital letters, spaces, symbols, etc.
- If you forgot the password it cannot be viewed again after saving. You must edit the SFTP user to set a new password.
Port — Always set to 2222
- No other port numbers will work here.
NOTE
You may see a pop up referring to SSH host keys if you’ve never connected before. Accept any warnings to continue.
SFTP Tips
- Make a backup before editing any site content.
- Once you are connected to your site, you will see a directory listing of your computer’s contents on the left. Your remote website directory is on the right.
- Double-click a directory name to expand and view the contents.
- Drag and drop files between locations or directories.
- If you are replacing a file be sure to accept any prompts to overwrite the existing file or you will not see your changes.
- Reset file permissions and purge server caches from the WP Engine plugin after making changes.
- Location quick reference:
- Theme files:
wp-content/themes/ - Plugin files:
wp-content/plugins/ - Uploads:
wp-content/uploads/- Often divided further by year, then month:
wp-content/uploads/2019/04
- Often divided further by year, then month:
- Theme files:
- Your SFTP host name and user name will both include the environment name at the beginning. This should make verifying that you’re connecting correctly a little easier.
Common Issues
Error: Cannot establish FTP connection to an SFTP server. Please select proper protocol.
- Ensure you have set your client to connect using SFTP protocol.
- This may be a dropdown to select SFTP, or you may have to preface your hostname field with
sftp://- EX:
sftp://mysite.wpengine.com
- EX:
- Ensure you are using the correct port. Only port
2222is supported.
Error: Authentication failed.
- The user name or password is wrong.
- Change your password or try adding a completely new user.
I’m being prompted to update my SSH host keys. I hit “accept”, but still can’t connect.
- During security updates our server host keys can change. You may need to delete your existing SSH host keys first before new ones can be properly accepted by your SFTP client.
Still unable to connect with SFTP?
- Restart your FTP client completely
- Try connecting with a different client
- Ensure your client is up to date
- Verify the path you’re connecting to exists as a directory on your website, or reset the path to default completely
- Create a different SFTP user
- Try to connect to any other environments on your account with SFTP
- Contact our Support team
I connected without an error, but my remote directory and file listing is blank.
- Check the path your user is configured for. Does it exist? Is it spelled right?
- We recommend resetting this to default (blank) and trying again.
I’m not seeing changes on my site after uploading a file.
- Reset file permissions
- Purge server caches
- Purge local caches
Still not seeing your changes?
- If you modified a theme/plugin file, ensure you have the correct theme/plugin name activated
- Add a comment to the top of your file and upload it again
- Try opening your file in the browser directly- Do you see your comment or code changes?
- EX:
http://mydomain.com/wp-content/uploads/test.txt
- EX:
- Try uploading a test TXT file to the same directory, then see if you can load that file in your browser directly. Can you view this test file?
If you can see changes in the files when viewed directly but not on the website, it is most likely a caching issue.
- Try purging local and server caches again
- You may even need to restart your computer
- Test again on a mobile device, disconnected from WiFi
If you can’t see any changes when directly viewing files you’ve added, it’s most likely an SFTP connection issue.
- Check the host name, username, password and port.
- Verify you’re uploading to the correct directory
- Confirm the file name spelling and capitalization
Update SFTP Host Keys
If when using yourSFTPclient on WP Engine, you receive a warning that your “host keys do not match” or “host key changed”, you will need to update host keys stored on your local machine. There are three options to update your host keys.
Update Host Key
Option one in this scenario is to manually update your host key. This method generates the new host key and connects you to your host:environment.sftp.wpengine.com. This is the easiest, recommended method. Please keep in mind these steps need to be taken on the local computer where you are experiencing this issue.
Run the following command in a local Mac/Linux Terminal window, whereenvironmentis the name of your WP Engine environment:
cd ~/.sshssh-keygen -Renvironment.sftp.wpengine.com:2222
Delete All Host Keys
Option two in this scenario is to delete the host key entry for your host:environment.sftp.wpengine.com
Mac/Linux
To delete your local host key, you just need to remove yourknown_hostsfile. Open terminal and run the following commands:
cd ~/.sshrm known_hosts
Windows
To update your local host key on a Windows machine, open upPuTTYand perform the following steps:
- Open up
regedit.exeby doing a search - Navigate to
HKEY_CURRENT_USERSoftwareSimonTathamPuTTYSshHostKeys - Delete all keys listed
Update known_hosts File
Similar to removing removing all known hosts in Option two, this option removes just one known host.
The warning message your SFTP client shows will usually list the line in known_hosts that is triggering this message, so be sure to make a note of this.
Mac/Linux
On Mac/Linux you can simply edit the file usingvi, which is a text editor. Run the following commands. Be sure to update100to the line number your error message displays.
cd ~/.sshvi known_hosts +100
Once the file opens to this line:
- Type the key
dtwice to remove the line - Type
:xto save.
Windows
On a Windows machine using PuTTY, go to the Registry folder just like in step two. In that directory, a list of hostnames appears. Right click on theenvironment.sftp.wpengine.comone, and then select Delete.
Limitations
We do not support the SFTP ciphers SHA1, aes128-ctr,CBC, RC4, 3DES, MD5, and RIPEMD for security reasons. If your SFTP client uses one of these ciphers, it may not work properly with our platform. We suggest reaching out to your SFTP software maker to get instructions on how to disable these.
WP Engine does not support FXP (File eXchange Protocol) due to its dependency upon FTP (File Transfer Protocol), which is an insecure method of transferring files. WP Engine only supports SFTP (Secure File Transfer Protocol) due to its improved security features.
NEXT STEP: Troubleshooting with the WP Engine error logs
FAQs
Is SFTP secure enough? ›
SFTP does secure data in transit – but only in transit. The data kept on the SFTP server while it is at rest, is not encrypted – unless the business takes additional steps to perform their own encryption for the data at rest.
Is SFTP a file transfer protocol? ›SFTP, or Secure File Transfer Protocol, is a secure file transfer protocol that uses secure shell encryption to provide a high level of security for sending and receiving file transfers.
Why is my SFTP not working? ›Make sure you log in to your server's IP ADDRESS (not your domain) with the SYSTEM USER used to create your app; attempting to connect to your domain directly is one of the most common causes of SFTP connection failures. Make sure you attempt to connect over SFTP. ServerPilot does not support unsecure FTP connections.
Do I need a certificate for SFTP? ›As it uses SSL, it requires a certificate. SFTP (SSH File Transfer Protocol/Secure File Transfer Protocol) was designed as an extension of SSH to provide file transfer capability, so it usually uses only the SSH port for both data and control.
Can SFTP be hacked? ›Once a SFTP server is made available to the Internet, it is often only hours or minutes before hacking attempts begin. Even if your server is not directly connected to the Internet, there are always people who are eager to break in and steal your data. They may even be your employees.
Do hackers use FTP? ›FTP lacks privacy and integrity which makes it easy for a hacker to access and get or change your data while in transit. We recommend that you switch to a more secure alternative such as FTPS, SFTP, or both.
Where is SFTP used? ›SFTP is used whenever there is a need to transfer files between systems while maintaining a high level of security. Potential uses for SFTP include: Secure Data Transfer: SFTP allows users to transfer critical files and sensitive data without the risk of exposing data to unauthorized parties.
How does SFTP protocol work? ›How SFTP Works. When a client system requests a file transfer, SFTP creates a secure connection between the client and the SFTP server. This connection usually goes through port 22. SFTP then uses the SSH protocol to encrypt the requested file and transfer it to the client.
What port does SFTP use? ›SFTP port number is the SSH port 22 (follow the link to see how it got that number). It is basically just an SSH server. Only once the user has logged in to the server using SSH can the SFTP protocol be initiated. There is no separate SFTP port exposed on servers.
How do I enable SFTP? ›- Go to Settings > Apps > Apps & features > Optional features and click on Add a feature.
- Locate “OpenSSH server” feature, expand it, and select Install.
How do you test if SFTP is working? ›
You use a test file to test the SFTP connection and the web server. Use a command line SFTP tool available from a third-party source. For example, PuTTY SFTP client (PSFTP) works well for this test. Note: There are several PuTTY applications for download, but only PSFTP works for this test.
How do I open an SFTP file? ›- Open a connection to a remote system by using the sftp command. $ sftp remote-system. If the connection succeeds, a confirmation message and prompt are displayed.
- If prompted, type your password. Password: password. ...
- Close the sftp connection. sftp> bye.
- Log into the SSH server.
- Go to the . ...
- Open the authorized_keys file for editing or create one if needed. ...
- In HOBOlink, go to the FTP or SFTP settings (under User Settings > Export or when setting up data delivery). ...
- Click Download Public Key.
That's the big takeaway: While both protocols let you transfer files between your client and server, SFTP is much more secure than FTP.
What is difference between FTP and SFTP? ›The main difference between FTP and SFTP is the “S.” SFTP is an encrypted or secure file transfer protocol. With FTP, when you send and receive files, they are not encrypted. You may be using a secure connection, but the transmission and files themselves are not encrypted.
Why do we need SFTP server? ›SFTP Provides the Highest Level of Protection
Some earlier attempts to provide security for data in transit using FTP relied on port forwarding (data tunneling) to create a secure (encrypted) connection between client and server over which usernames and passwords could be sent.
SFTP is a protocol for transferring files securely—or, more simply put, a way to transfer files between machines over a secure connection. SFTP, which stands for SSH (or Secure) File Transfer Protocol, was developed in the 1990s, and is natively secure so that if you send confidential data, it can't be intercepted.
What is SFTP user? ›An SFTP user is required in order to upload a website you've created to DreamHost's servers, or to make changes to an existing website. SFTP users are similar to FTP users except that the SFTP protocol uses an encrypted connection to access a server. Port 22 is used in your client to connect to the server via SFTP.
Is FTP safe to use? ›FTP was not built to be secure. It is generally considered to be an insecure protocol because it relies on clear-text usernames and passwords for authentication and does not use encryption. Data sent via FTP is vulnerable to sniffing, spoofing, and brute force attacks, among other basic attack methods.
How do I protect my SFTP server? ›- Disable FTP. ...
- Use the strongest encryption. ...
- Use file and folder security for external access. ...
- Use folder security for internal access. ...
- Include documentation and auditing. ...
- Use IP blacklisting and whitelisting.
What is FTP used for? ›
FTP is used for file transfers between one system and another, and it has several common use cases, including the following: Backup. FTP can be used by backup services or individual users to backup data from one location to a secured backup server running FTP services.
How do I know if my server is FTP or SFTP? ›Simply try to connect and authenticate with FTP and if that fails, try SFTP. You can never know how the transition will go. They can choose to keep FTP server running along with SFTP, but with login disabled or any other combination. You are completely right.
What is an SFTP folder? ›sFTP (secure File Transfer Program) is a secure and interactive file transfer program, which works in a similar way as FTP (File Transfer Protocol). However, sFTP is more secure than FTP; it handles all operations over an encrypted SSH transport.
How do I transfer files using SFTP? ›- Step 1: Generating SSH Keys.
- Step 2: Copying SSH Keys to a Remote Server.
- Step 3: Initiating an SFTP Connection.
- Step 4: Transferring Files from Remote Servers to Local Systems.
- Step 5: Transferring Files from Local Systems to Remote Servers.
While FTPS adds a layer to the FTP protocol, SFTP is an entirely different protocol based on the network protocol SSH (Secure Shell). Unlike both FTP and FTPS, SFTP uses only one connection and encrypts both authentication information and data files being transferred.
How do I upload files to SFTP server? ›- Using your institution's assigned username, enter the following command: sftp [username]@[data center]
- Enter your institution's assigned password.
- Choose directory (see directory folders): Enter cd [directory name or path]
FTP (File Transfer Protocol)
The FTP protocol typically uses port 21 as its main means of communication. An FTP server will listen for client connections on port 21.
- Host: ssh.yourdomain.com.
- Username: yourdomain.com.
- Password: the password you have chosen for SFTP.
- Port: 22.
An FTP address is the address that is used to transfer files to the Internet. You'll need an FTP address, username, and password to access the files on the Web server. It's often similar to the full website address (URL or domain name), but starts with an FTP instead of an HTTP.
How install SFTP on Windows? ›Configure the SFTP server feature (OpenSSH Server) in Windows Server 2019. Create the root SFTP directory. Create the user account that will be used for file transfers. Install and configure the SFTP client for data transfers.
How do I create a SFTP folder? ›
You can create directory/folder in remote server programmatically by the SFTP. Syntax: psftp> mkdir 'Directory name'
How do I connect to SFTP on Windows? ›Run WinSCP and select "SFTP" as the protocol. In the host name field, enter "localhost" (if you're testing the PC you installed OpenSSH on). You will need to enter your Windows username and password to allow the program to connect to the server. Hit save, and select login.
How do I find my SFTP path? ›The command 'lpwd' is used to check the Local present working directory, whereas 'pwd' command is used to check Remote working directory.
How do I find my SFTP port? ›How to Find and Change SFTP Port Number - YouTube
How do I create an online SFTP server? ›- In Choose protocols, select SFTP, and then choose Next.
- In Choose an identity provider, choose the identity provider that you want to use to manage user access. ...
- Choose Next.
- In Choose an endpoint, do the following:
- Using your institution's assigned username, enter the following command: sftp [username]@[data center] (link to data centers on Get Started)
- Enter your institution's assigned password.
- Choose directory (see directory folders): Enter cd [directory name or path]
hostname is the host name or IP address of the SFTP server. port is the port on which SFTP server is listening. Default port for SFTP is 22. directory is the location that is periodically polled for files.
What is SFTP key? ›SFTP public keys are used as an alternative authentication method for establishing secure FTP connections when importing and exporting contacts. Instead of authenticating with a password, the public key authentication uses a pair of keys, one private and one public.
How do I pass a private key using SFTP? ›In your system tray, you'll see the Pageant icon appear. Right-click the icon and select “Add Key” and select your private key (PPK) file. Follow the prompt to enter your pass phrase and you're done. Now simply launch FileZilla Pro and connect to your server using SFTP using SSH2 with a username and an empty password.
How do I connect to an FTP public key? ›Create an sFTP connection using SSH keys:
Select the FTP connector from the list of connectors. Enter the Host URL of the FTP server, and select the sFTP protocol. Enter the username. Paste the RSA private key you generated into the Authentication Key (pem format) field.
What is the most secure protocol for transferring files? ›
What are the top secure file transfer protocols? Top secure file transfer protocols include SFTP, FTPS, and AS2. Each of these offers stronger encryption than standard FTP, as well as additional safeguards, including keys, passwords, and certificates to authenticate users or connections.
What is better than SFTP? ›SCP is usually much faster than SFTP at transferring files, especially on high latency networks. This happens because SCP implements a more efficient transfer algorithm, one which does not require waiting for packet acknowledgement, unlike SFTP.
What is FTP explain types of connection? ›FTP means "File Transfer Protocol" and refers to a group of rules that govern how computers transfer files from one system to another over the internet. Businesses use FTP to send files between computers, while websites use FTP for the uploading and downloading of files from their website's servers.
Is SFTP more secure than https? ›HTTPS and SFTP are equal in security because they both encrypt: Usernames. Passwords. Contents of data.
Is SFTP or FTPS more secure? ›SFTP is inherently secure and fully encrypted, while FTPS adds a layer of encryption using SSL or TLS. SFTP works seamlessly with firewalls, but its binary data transmissions are not suitable for logging. FTPS file transmissions are several times faster than SFTP. SFTP will not work with .
What makes SFTP secure? ›Using SFTP, only one secure connection is established through which all data (authentication information, file data, etc.) is transmitted. SFTP ensures data integrity and data security by applying SSH2 Message Authentication Code (MAC) to hashed data payload packets, which are encrypted in the data stream.
What is the most secure protocol for transferring files? ›What are the top secure file transfer protocols? Top secure file transfer protocols include SFTP, FTPS, and AS2. Each of these offers stronger encryption than standard FTP, as well as additional safeguards, including keys, passwords, and certificates to authenticate users or connections.
What is the purpose of SFTP? ›Secure File Transfer Protocol (SFTP), also called SSH File Transfer Protocol, is a network protocol for accessing, transferring and managing files on remote systems. SFTP allows businesses to securely transfer billing data, funds and data recovery files.
What ports does SFTP use? ›SFTP, which stands for SSH (or Secure) File Transfer Protocol, usually runs on Port 22 (but can be assigned whatever port you want) and is a way for transferring files between machines over a Secure and Encrypted Connection, unlike FTP, which transfers data over an insecure and unencrypted connection.
What is difference between FTP and SFTP? ›The main difference between FTP and SFTP is the “S.” SFTP is an encrypted or secure file transfer protocol. With FTP, when you send and receive files, they are not encrypted. You may be using a secure connection, but the transmission and files themselves are not encrypted.
Which is faster SFTP or FTP? ›
SFTP is generally slower than FTP due to the security built into the protocol. The data is encrypted, which takes time, but perhaps more importantly the protocol itself functions differently; it's not "streamed" like FTP.
What is better than SFTP? ›SCP is usually much faster than SFTP at transferring files, especially on high latency networks. This happens because SCP implements a more efficient transfer algorithm, one which does not require waiting for packet acknowledgement, unlike SFTP.
How do I know if my server is FTP or SFTP? ›Simply try to connect and authenticate with FTP and if that fails, try SFTP. You can never know how the transition will go. They can choose to keep FTP server running along with SFTP, but with login disabled or any other combination. You are completely right.
How do you manage SFTP? ›...
Unsupported SFTP Command Restrictions
- SFTP commands for user, group, and permission modifications: chmod, chgrp, and chown.
- SFTP commands for file location management: ln, move, and rename.
- SFTP commands to change file attributes: setstat, and fsetstat.
SFTP 2 Factor Authentication
A username and password is a good method of authentication. It allows a server to authenticate a user by challenging him to submit a piece of information that (theoretically) only he - the user - would know. That information is the user's account username/password combination.
FTP was not built to be secure. It is generally considered to be an insecure protocol because it relies on clear-text usernames and passwords for authentication and does not use encryption. Data sent via FTP is vulnerable to sniffing, spoofing, and brute force attacks, among other basic attack methods.
Which protocol is used for file transfer? ›FTP (File Transfer Protocol) is a network protocol for transmitting files between computers over Transmission Control Protocol/Internet Protocol (TCP/IP) connections.
What are the three types of file transfer? ›- In FTP, there are three types of Transmission modes stream, block, and compressed.
- There are two different transfer mode in FTP, ASCII and binary mode. ...
- Transmission mode refers to the mechanism of transferring of data between two devices connected over a network.