Using secure FTP for data transfer

Anyone with a website is likely to upload the data via FTP but this protocol is easily intercepted with the worst part being that in FTP even the passwords and usernames are sent in the clear. Packet sniffers such as Wireshark can easily intercept it. This is why I recommend you use SFTP instead, aka Secure File Transfer Protocol or Secure FTP.

Before establishing a connection, the SFTP server sends an encrypted fingerprint of its public host keys to ensure that the SFTP connection will be exchanging data with the correct server. The first time the connection is established, this key is not yet known to the client program and must therefore be confirmed by the user before data is exchanged for the first time, that is when a SFTP connexion will be vulnerable to man in the middle attack, you need to make sure that the digital key given to you by the host, aka fingerprint, is the correct one and has not been tampered with.

I use Filezilla to manage this site and it is a great free open source FTP client, but using SFTP in Filezilla is very little intuitive, you will have to open the site manager first and from the drop down menu choose “SFTP -SSH File Transfer Protocol”, you cant simply enter the SFTP port in the toolbar in Filezilla it will not work if you do that.

Filezilla site manager

Filezilla site manager

Be aware that not all FTP clients and not all web hosts support SFTP! You will need to make sure they do before you use them, and your host will have to enable SSH access for you (most times this is disabled by default) otherwise it won’t work neither.