Most users don’t think twice about how they connect to the internet, although if you’re a site owner, you’ll likely use a File Transfer Protocol (FTP). It’s a typical and standard way to access your site’s server, although you’ll also see the mention of Secure File Transfer Protocol (SFTP) too. As such, FTP vs SFTP warrants further discussion.
The good news is that you can often select the protocol you want from within your dedicated client. FileZilla, Cyberduck, Transmit, and others all let you choose how you connect. You may even begin to use Secure Shell (SSH) too, which is closer to SFTP than FTP.
For this tutorial, we’re going to talk about FTP vs SFTP, and break down the differences of each. We’re also going to take a quick detour and talk about where SSH fits in too. Spoiler alert: You should use SFTP or SSH by default, but you’ll find out why throughout the post.
In a nutshell, a transfer protocol facilitates the connection and file transfer between two computers across the web. For example, the Hypertext Transfer Protocol (HTTP) is a core protocol for serving websites.
An every day scenario where you’ll use a transfer protocol is a file download. Your computer will connect to the distant server, establish that connection, and move the file across to your machine. A transfer protocol is the underlying code and technology that makes this happen.
These transfer protocols also ensure the success of the file transfer. However, as the web evolves, more of these protocols appear in order to match the needs of the modern web. While we’ll talk about FTP vs SFTP in this post, you’ll see various mentions of other protocols too.
Given that FTP and SFTP facilitates data transfers, you’ll find a number of similarities between them. This can add to the confusion, because these similar pieces of functionality don’t tell the full story. For example:
For an end-user, FTP vs SFTP is negligible, because the protocols work the same way at a core level. However, there are key and vital differences to understand. We’ll break this down next.
FTP is the elder statesperson of data transfer. It predates the internet, and is the first networking protocol that allows for standardized data transfers.
While we’ll get onto the differences between FTP vs SFTP in more depth later, the short versions is that FTP lacks security:
Once you get into the details of each protocol, you’ll find that the apparent similarities are just that. In fact, SFTP is a different type of protocol altogether. Let’s discuss this next.
It’s true that SFTP offers a similar experience and base feature set to FTP. However, that’s where the similarities end. You can also call SFTP “SSH File Transfer Protocol,” which should give you a clue as to how it differs.
The Internet Engineering Task Force (IETF) was responsible for developing SFTP around 2001, and based it on SSH. We’ll talk more about this shortly. However, you’ll note that both FTP and SFTP are like chalk and cheese when it comes to functionality:
The short way to sum up what SFTP offers is “security.” However, it’s worth talking about SSH too, as this is central to SFTP (and other similar protocols).
SSH is a cryptographic protocol that provides encryption over an unsecured network. It’s a mid-90s tool that still stands up today because of its architecture. Its initial success came to the attention of the IETF, who provided standardization of the protocol, then developed SFTP on top of it.
However, between the advent of FTP and the release of SFTP, users still had a need for encrypted data online. As such, you’ll also find another protocol – File Transfer Protocol Secure (FTPS). Let’s clear up the confusion.
Mixed into the history of FTP and SFTP, we also have FTPS. You can also call this FTP-SSL, and it’s closer to FTP than other protocols.
In short, this uses a Transport Layer Security (TLS) or Secure Sockets Layer (SSL) connection to encrypt data. It offers the same kind of benefits as using SSL, such as the need for certification, and built-in support from many internet communication frameworks.
For most applications, you won’t want to use FTPS, because SFTP is just as straightforward to use and offers greater encryption.
There are three central ways that SFTP can provide a better experience (specifically relating to security) than other protocols, especially FTP.
However, although SFTP offers more security with fewer drawbacks, FTP still has its merits. In the next section, we’ll look at the positives and negatives of both in more detail.
Because of its simplicity, FTP does represent a straightforward way to transfer files across the web. What’s more, because it’s more open with regards to encryption, you have a little more flexibility in how you transfer files:
However, we already know the disadvantages of using FTP, in that it’s not secure, compliance can be a sticking point, and these connections can play havoc with your firewall.
In contrast, SFTP offers a good array of benefits too:
Even so, SFTP does have some negatives. For example, SSH keys are difficult to maintain, especially for new users. It’s a double-edged sword because you can inadvertently keep a user out of the system, at the same time you do so with malicious ones.
The quick answer is that you should almost always use SFTP to connect to your site’s server. This is because its level and implementation of security and encryption is a base standard for modern web usage.
In contrast, FTP is not secure. Its design doesn’t take any type of security into account, because at the time it arrived, there was no need for it. You can make a kind of analogy with WordPress here.
Of course, the platform is secure without question. However, FTP vs SFTP is akin to a vanilla WordPress installation. Whereas themes and plugins boost the functionality of the platform, SFTP takes the good parts of FTP, and re-imagines it to provide a robust way to transfer files across the web.
On the whole, FTP vs SFTP is a comparison of two different protocols, albeit with similar names and top-level features.
Transfer protocols standardize the way we connect to the internet in lots of situations. However, the technology evolves much like any other. Because of this, we have a few different protocols to use, and not all of them offer top notch security.
The key difference between FTP vs SFTP is in the name. The latter is more secure, and is the one we recommend as default. If you currently use FTP only (and you can check this within FileZilla, Cyberduck, or your chosen client), you’ll want to make a switch and encrypt your data.
Do you have any questions about FTP vs SFTP? If so, let us know in the comments section below!
Are you on the look out for Google Analytics alternatives? Google Analytics has dominated the…
Are you on the hunt for cPanel alternatives? cPanel is the web server control panel…
New to Webflow and not sure where to start? This step-by-step guide will show you…
Are you in the market for a forum software to get your online community off…