FTP is not a secure protocol. FTP passwords and files are sent "in the clear" over the internet, making them susceptible to traffic snooping. There have been many instances of FTP passwords being snooped over unsecured wireless networks and used to upload malicious content to legitimate web sites. Using a secure protocol, you can send your password and files in a secure manner so that they cannot be snooped.
Secure Mechanisms
We support 2 different secure file transfer methods
FTPS - This uses the traditional FTP protocol over a secure encrypted connection.
SFTP - This uses a different protocol to transfer files over SSH.
Both methods encrypt passwords and data transferred to/from the server.
FTPS
FTPS uses TLS (transport layer security) to encrypt the FTP channel using SSL. TLS can be either "implicit" or "explicit". We use "explicit TLS" on our servers. To enable FTPS, simply change the options of your FTP client to use one of the following (they are all the same, just called different things in different clients):
FTPS
FTPES
FTP/TLS
FTP over SSL
AUTH TLS
Be sure to select the "explicit" TLS option.
SFTP
Many FTP clients also support SFTP. Enabling this option uses a different file transfer protocol, but it performs mostly the same as FTPS.
SSL Certificates
FTPS and SFTP use SSL certificates to authenticate and verify the server. This certificate is issued in the server name. If you connect using your own domain name (e.g. ftp.yourdomain.com) or an IP address (e.g. 72.232.137.162) then you will probably get a certificate warning message. To avoid this, use the server name (e.g. frodo.z-host.com) instead. You can find the name of the server hosting your site on the domain details page.
FTP Client Configuration
FileZilla
In FileZilla select:
Encryption: Require explict FTP over TLS
Dreamweaver
In Dreamweaver select:
Connect using: FTP over SSL/TLS (explicit encryption)
