4. SFTP & SSH
This guide explains how to create SFTP and SSH users with authority to transfer files to and from your server.
For more information about the SSH & PHP functions and commands that you can use on WPMU DEV hosting, please see our Allowed & Disabled Functions & Commands document.
Your Hosting panel now includes a File Manager utility in case you don’t really want to use SFTP or SSH. See the Tools > Files guide for more.
4.1 SFTP and SSH usersLink to chapter 1
SFTP/SSH users are required to connect to a WMPU DEV hosted site using an FTP client or terminal application.
SFTP vs SSH
SFTP and SSH users connect to servers using the same security protocol, so neither is more or less secure than the other.
SFTP users can connect to a server and edit files using an FTP client like Filezilla or Cyberduck.
SSH users can connect to a server using the WordPress command line interface, wp-cli. In simple terms, SSH users need no special software to connect to a server and have access to a powerful set of commands not available to SFTP users.
Therefore, if your site manager isn’t skilled at working in the wp-cli, you do not need an SSH user.
Do I need an SFTP/SSH user?
The rules of thumb are:
- If you don’t know whether or not you need an SSH user, then you don’t.
- If you need to move files to or from your site using anything other than the built-in WordPress tools– a file that exceeds the file size limit of the WordPress uploader, for example– you will need an SFTP user to do so.
- If you can achieve your goals using the file transfer tools built into WordPress, you don’t need either.
SFTP/SSH users are site-specific, which means users created for Site A cannot access Site B or any other site, including different sites attached to the same member account. Staging sites, for example, require their own SFTP/SSH users even if the production sites from which they are pulled already have existing SFTP/SSH users. Users created for multsite networks can transfer files to and from any subsite of that network, but only sites within that network.
4.2 Creating SFTP/SSH UsersLink to chapter 2
Begin by selecting a site in Hub 2.0. From that site’s dashboard, click Hosting and then SFTP/SSH to access the SFTP/SSH Accounts screen.
The page includes the SFTP/SSH connection information for the current site and a list of the existing SFTP/SSH users. From this screen members can create and delete users or change the password(s) for existing users.
The information displayed includes:
- Connection Address (Host) – This is the URL used by WMPU DEV internally to identify your site and is the required URL for SFTP/SSH connections. Many FTP clients refer to the Connection Address as the Host.
- Port number – The port associated with this site.
- Username – The username(s) of both SFTP and SSH users that have been created for this site. If no users have been created, the list will be empty.
- Environment – During creation, SFTP/SSH users are given access to either a production (live) site or a staging site, and that status is displayed here.
- Type – These users are either SFTP or SSH, and that designation is displayed here.
- Path Restriction – The access granted to SFTP/SSH users can be restricted to certain areas of a site’s file structure. This label indicates the type of restriction, if any, has been placed on the user. The label None indicates a user with no restrictions and with access to all site files.
- Connection Info – A convenient link created to simplify the configuration necessary to connect to a WPMU DEV hosted site via SFTP/SSH.
- Edit Password (pencil icon) – Click the pencil icon to access the edit password modal. SFTP/SSH user passwords can be changed as necessary, but user names cannot changed after creation.
- Delete – Click the trash icon to open the delete user modal.
Click the Add User button and choose SFTP User or SSH User from the drop-down menu.
In the modal that appears, enter a username and password in the fields provided. Use the strong password that is automatically generated or enter custom password.
SFTP/SSH user passwords can be changed as necessary, but the username, restriction, and environment selected when a user is created cannot be modified later. Fortunately, users can be deleted and new users with new access rights can be created at any time.
SFTP/SSH users can be restricted to specific folders within the WordPress file structure. This might allow, for example, a graphic designer to access the Uploads folder where images are stored, while preventing that person from accessing files elsewhere.
Use the Path Restrictions drop-down menu to determine the scope of a new user’s access as follows:
- None – No restrictions. User can access all site files
- wp-content – Grants access to the wp-content folder, which contains all uploaded files, plugin files, theme files, the site index, and language files
- Plugins – Grants access to the Plugins folder only
- Themes – Grants access to the Themes folder only
- Uploads – Grants access to the Uploads folder only
WPMU DEV members whose sites we host can create a staging copy of any production site where changes can be implemented and tested before they go live. Production sites and staging sites require separate SFTP/SSH users.
Use the Environment drop-down menu to associate the new user with the correct environment.
When you’re ready, click Add and the new SFTP/SSH user will be created.
4.3 Connection InfoLink to chapter 3
The following information, located near the top of the SFTP/SSH Accounts page, is required to connect SFTP/SSH users to a site:
- Connection Address (Host) – This is the URL used by WMPU DEV internally to identify the current site, and is frequently referred to as the Host or the Host Address. Regardless of how many domains may be associated with a given site, the Connection Address/Host displayed on the SFTP/SSH Accounts page is the only URL that can be used to connect to that site via SFTP/SSH.
- Port number – The port associated with the current site.
- Username – The username for the SFTP/SSH user being connected.
- Password – Click the pencil icon next to any SFTP/SSH user to view that user’s password.
These credentials must be entered into the relevant fields in an FTP client to connect to the site, as shown in this Filezilla example.
Quick Connect Link
Click the Connection Info icon next to any SFTP/SSH user to reveal a quick link created for that user.
The quick link, when copied into an FTP client or terminal application, identifies the site and the user to be connected.
The site’s port and SFTP/SSH user password are still required when using the quick link.