Thursday, May 17, 2012

Securing your FTP transfers on a CPanel shared hosting site

If you use FTP to transfer files to your website, the user ID and password for the FTP account are transmitted in plain text.  Anyone snooping on your internet connection may be able to capture your login credentials, and from there they can gain control over your account.  They could also see any files you're transferring to or from the web server.

It is much better to use a secure encrypted connection for any access you make to copy files to your web server.  Many web hosts let you do that with a secure shell (SSH) , but some shared web hosts do not provide SSH access or secure FTP connections.

On CPanel, you normally connect to FTP on port 21, which is the default port for FTP.  However, some CPanel hosts  also allow secure ftp connections on a different port - port 7211.  I don't know where I found this, searching for it now I can't find it, but if you've got a CPanel hosting provider that does not otherwise provide a way to make a secure connection, it is worth trying SFTP to port 7211.

If you're using Dreamweaver, you can select the port by adding it to the end of the site URL.  So if your website URL is  you would enter as the FTP host, and check the SFTP checkbox.

Another CPanel option allows using a TLS connection for FTP access, as well as allowing full SSH over port 21, but those need to be configured for the server to allow those connections.  You can ask your provider if they support either option on your account, and if they don't, try the port 7211 connection for SFTP.  If you try to SSH to that port, you'll probably get a message that SSH connections are not supported, but SFTP might work.

While you're thinking about secure connections, you probably also should be logging in to CPanel using the secure option as well - for the same reason, anyone able to snoop your connection can hijack your website, and that might well be at least one more hacker than you want to give access to your website.  Most CPanel websites allow access to the secure control panel login by using .  You can do the same thing using port 2083: should bring you to an https: connection to the CPanel login.

1 comment:

  1. Very Good Article, Lot of good information, working on my website right now!
    Shared Hosting