FTP (File Transfer Protocol) is a standard network protocol used to transfer files between a local computer and a remote web server. It’s been a core tool of web development and hosting management for decades, allowing developers and site administrators to upload files to a server, download files from a server, or manage the file structure of a web hosting account directly. In the WordPress context, FTP access is primarily used when the WordPress dashboard isn’t accessible — such as during a recovery situation, a major update, or a manual theme or plugin installation.

In practice, FTP has largely been replaced by SFTP (Secure File Transfer Protocol), its encrypted successor. Standard FTP transmits data — including your login credentials — in plain text, making it vulnerable to interception on unsecured networks. SFTP uses SSH encryption to protect both the connection and the transferred data. Most reputable hosting providers now support SFTP, and most FTP client applications support both protocols. If your host offers SFTP, use it — always.

[Image: Screenshot of an FTP client (like FileZilla) showing the local file panel on the left and the remote server panel on the right]

How FTP and SFTP Work

FTP and SFTP work by establishing a connection between your local computer and the web server:

  1. Install an FTP client — Software like FileZilla (free), Cyberduck (free), or Transmit (Mac) handles the connection.
  2. Enter server credentials — Host address, port number (21 for FTP, 22 for SFTP), username, and password. Your hosting provider gives you these credentials.
  3. Connect to the server — The client establishes the connection and displays both your local files and the remote server files in a split-panel view.
  4. Transfer files — Drag files from the local panel to the remote panel (upload) or the reverse (download). You can also create, rename, delete, and move files on the server directly.

SFTP uses port 22 and wraps the entire session in SSH encryption. FTPS (FTP Secure) is a different variant that adds TLS/SSL encryption to standard FTP — both are more secure than plain FTP, but SFTP is more widely supported in the WordPress hosting ecosystem.

Purpose & Benefits

1. Access to the Server When WordPress Is Inaccessible

The most common reason WordPress users need FTP/SFTP access is recovery: the WordPress dashboard isn’t loading, a plugin has crashed the site, or the white screen of death has appeared. FTP allows you to access the server’s file system directly — you can deactivate a problem plugin by renaming its folder, restore a backup file, or replace a corrupted WordPress core file — all without the WordPress interface. Our WordPress development services include FTP access as a standard part of site troubleshooting and support.

2. Manual Theme and Plugin Installation

WordPress allows most theme and plugin installations directly through the dashboard. But if your hosting plan has upload size restrictions, or if you’re installing a custom theme that isn’t in the WordPress.org directory, FTP provides a reliable alternative. Upload the theme or plugin folder directly to /wp-content/themes/ or /wp-content/plugins/, and WordPress will recognize it immediately. This is also the standard method for deploying custom-built themes from a development environment to a live server.

3. Direct File Editing and Management at Scale

For developers making changes across multiple files — replacing WordPress core files during a manual update, deploying an entire theme directory, or migrating site files from one server to another — FTP/SFTP client software handles bulk operations efficiently. Uploading 200 files via an FTP client is far faster than doing so through a hosting control panel’s web-based file manager. SFTP also supports automation through command-line tools and deployment scripts, which is how many professional WordPress workflows operate. This complements the cPanel file manager for tasks that benefit from a dedicated client.

Examples

1. Recovering From a Plugin-Caused White Screen

A WordPress site goes blank after a plugin update. The WordPress dashboard is inaccessible. Using an SFTP client (FileZilla), the site owner connects to the server, navigates to /wp-content/plugins/, and renames the problem plugin’s folder (e.g., bad-pluginbad-plugin-disabled). WordPress can no longer find the plugin and deactivates it automatically. The site loads again. The owner renames the folder back, contacts the plugin developer about the bug, and continues. This recovery takes about two minutes — versus hours of support tickets if FTP access weren’t available.

2. Deploying a Custom Theme to a Live Site

A web agency builds a custom WordPress theme in a local development environment. When it’s ready for launch, a developer uses SFTP to upload the theme folder directly to the client’s server’s /wp-content/themes/ directory. The upload transfers all theme files — PHP templates, CSS, JavaScript, images — in a single session. Once the upload completes, the developer activates the theme through the WordPress dashboard. The whole process takes a few minutes instead of the hours it would take to ZIP, upload, and install through the dashboard’s limited interface.

3. Editing wp-config.php During a Migration

During a WordPress migration to a new host, the wp-config.php file needs to be updated with the new database credentials. This file is critical to WordPress functioning and isn’t accessible through the WordPress dashboard for security reasons. SFTP provides direct access to download the file, edit the database name, username, and password locally, and re-upload it. Without FTP/SFTP access, this step would require access to the server’s shell environment or control panel — and on managed hosting, SFTP is often the only available option.

Common Mistakes to Avoid

  • Using FTP instead of SFTP — Plain FTP transmits passwords in plain text and is genuinely insecure on any network you don’t fully control. If your host offers SFTP (and most managed WordPress hosts do), use it. The setup process is identical — just use port 22 instead of 21 and ensure your client is configured for SFTP mode.
  • Editing files directly on the server — FTP clients allow you to double-click a file and edit it directly on the server in a text editor. This is risky — any error saves immediately and can break the site. Best practice: download the file, edit it locally, test if possible, then upload. Always keep a backup of the original.
  • Leaving FTP credentials stored in plain text — Many FTP clients offer to save your password for convenience. If your computer is compromised, stored FTP credentials can give attackers full access to your server files. Use your password manager to store credentials and enter them manually, or use SSH key authentication with SFTP for a more secure setup.
  • Confusing FTP with hosting account access — FTP access is file system access only. It doesn’t give you access to your database (you need phpMyAdmin or a database tool for that), email accounts, or server configuration. FTP is one of several access methods for managing a hosting account.

Best Practices

1. Use SFTP Whenever Possible

Request SFTP credentials from your host rather than standard FTP. If your host only offers FTP, ask whether SFTP is available — it frequently is, even if not prominently documented. For managed WordPress hosting, SFTP is almost always provided. Configure your FTP client to use SFTP explicitly (port 22, protocol: SFTP or SSH), and verify the connection is encrypted before transferring sensitive files.

2. Keep a Backup Before Any File-Level Changes

Before editing or replacing any file via FTP — especially core WordPress files, wp-config.php, or theme files — download a backup copy first. FTP changes take effect immediately on the server, without the undo history you’d have in a code editor working locally. A backup downloaded before your session means you can restore quickly if a change goes wrong.

3. Use FTP for Troubleshooting, Not Routine Development

In professional WordPress development, FTP is a troubleshooting and deployment tool — not the primary editing environment. SFTP (Secure File Transfer Protocol) combined with version control systems like Git, or deployment tools that automate file synchronization, is the more reliable approach for ongoing development work. Reserve direct FTP access for recovery situations, one-time deployments, and maintenance tasks where dashboard access isn’t available.

Frequently Asked Questions

What’s the difference between FTP and SFTP?

FTP (File Transfer Protocol) transfers data in plain text — including your login credentials. SFTP (Secure File Transfer Protocol) encrypts the entire session using SSH. They accomplish the same goal (file transfers between your computer and a server) but SFTP is significantly more secure. Most hosting providers support SFTP, and all modern FTP client applications (FileZilla, Cyberduck, Transmit) support it as well. Always choose SFTP when available.

Do I need FTP to use WordPress?

Not for routine use. WordPress’s dashboard handles theme and plugin installation, media uploads, and code editing through its built-in interfaces. You only need FTP/SFTP access for specific situations: manual file transfers, recovery from errors, server-level file editing, or deployment workflows. Many WordPress users go years without using FTP. But having credentials saved and an FTP client installed is good insurance for when something goes wrong.

What FTP client should I use?

FileZilla is the most widely used, free, and cross-platform option — it works on Windows, Mac, and Linux. Cyberduck is another free option popular on Mac. For professional developers, Transmit (Mac) is a well-regarded paid option with a clean interface. All of these support SFTP. Configure your chosen client with your host’s SFTP credentials and keep it installed — you’ll want it available when you need it.

How do I get FTP credentials for my WordPress site?

Your hosting provider supplies FTP/SFTP credentials. Check your hosting control panel (often cPanel) under FTP Accounts or SFTP settings. On managed WordPress hosting platforms (WP Engine, Kinsta, SiteGround), look for SFTP/SSH credentials in the site management dashboard. If you can’t find them, contact your host’s support — they can generate SFTP credentials for you.

Can I use FTP to access my database?

No. FTP only provides access to the file system — the folders and files on your server. Your WordPress database is managed separately and accessed through tools like phpMyAdmin (in cPanel), a dedicated database management interface in your hosting dashboard, or via MySQL commands in a terminal. FTP and database access are distinct systems.

Related Glossary Terms

How CyberOptik Can Help

Site recovery, manual deployments, and server-level troubleshooting — all tasks that require FTP/SFTP access — are part of the ongoing support and maintenance work we do for clients. If your site is broken and you’re not sure how to get in, or if you need a developer to handle a deployment that’s beyond what the dashboard can do, we can help. Learn about our hosting solutions or get in touch to discuss your project.