SFTP vs FTPS – Secure File Transfer Protocols Explained

SFTP vs FTPS – Secure File Transfer Protocols Explained

It’s been a while since concerns were raised about FTP due to its lack of security. Now that it’s more or less a thing of the past, it’s time we all got better acquainted with its successors, SFTP and FTPS…

With so many acronyms in the file-transfer world, it can be very easy to feel overwhelmed.

In order to choose the best method for your needs, you need to understand how each one works.

That’s why I’m here to give you a quick run-through of two of the game-changers: SFTP and FTPS…

File Transfer Protocol Secure

FTPS (File Transfer Protocol Secure) builds upon FTP by combining it with SSL/TLS.

If you’re not clued up on SSL/TLS, I would recommend reading our article, but long story short, the concept started as SSL (Secure Sockets Layer), which has now evolved into TLS (Transport Layer Security).

TLS not only encrypts your data so that if you fall victim to a man-in-the-middle attack, the attacker won’t be able to make use of any information they manage to get hold of, but it authenticates the connection between the browser and web server.

This is done with SSL/TLS certificates. A website with a certificate signed by a publicly trusted certificate authority (CA) will be trusted by client software such as web browsers and operating systems.

When the browser connects to the web server, it checks whether a valid certificate is present. If it is, the “handshake” process begins, where the browser and server negotiate how to proceed.

A valid certificate allows the browser and server to verify that each other is legitimate and therefore form a binding connection that is very difficult to penetrate.

Adding this layer of security to FTP turns a completely unsecure method of file transfer into one which is pretty hard to hack.

Secure File Transfer Protocol

So now we know how FTPS keeps your files safe, it’s time to take a quick look at SFTP (Secure File Transfer Protocol).

SFTP was developed as an extension to SSH (Secure Shell Protocol) – check out our article for the full lowdown.

SSH is a way to remotely log in to one computer from another over an unsecured network, via a secure channel.

When you combine SSH and FTP, you get SFTP – a method of transferring files over a secure connection. SFTP encrypts your files and data and then sends them over a secure shell data stream.

You initiate the connection by creating or obtaining credentials, which you will need to input into an SFTP client. This authenticates you as a user and allows you to begin the connection.

You can also connect via the command/line terminal but you will still need to log into the system to verify yourself as an approved user.

SFTP vs FTPS

If you’re a WordPress user looking to grab a copy of your files from your server, SFTP may be your best bet, as you might not always have the certificate required to form an FTPS connection.

The good news is that file-transfer clients such as FileZilla allow you to select which method you want to use, and since all the encryption and securing of the channel is done in the background, they all look and work the same at the user’s end.

Screenshot of FileZilla showing how to switch from SFTP to FTP.
In FileZilla, you can easily switch from FTP to SFTP by heading to Edit>Settings.

So, the bottom line is this … if you care about security with a capital ‘S’, then you should give a ‘S’ about FTP too!

Free Video Why 100 is NOT a Perfect Google PageSpeed Score (*5 Min Watch) Learn how to use Google PageSpeed Insights to set realistic goals, improve site speed, and why aiming for a perfect 100 is the WRONG goal.
Kirstan Norman
Kirstan Norman is a digital marketer from Yorkshire, England. She spends her downtime playing video games, board games, forgetting to water her plants, and adding too much cheese to her food.
Do you have a preferred method? Let us know which (and why!) in the comments!