FTP (File Transfer Protocol) is one of the oldest internet protocols, defined in RFC 959 (1985). It is used to transfer files between a client (your computer) and a server. Web developers traditionally used FTP to upload website files to their hosting server.
How FTP Works
- FTP uses two separate TCP connections: a control channel (port 21) for commands and a data channel (port 20 or negotiated) for file transfers.
- The client authenticates with a username and password.
- Files can be uploaded, downloaded, renamed, deleted and listed.
FTP Security Problem
Plain FTP transmits all data — including credentials — in clear text. Anyone who can intercept the network traffic can read the username and password. Do not use plain FTP on production servers.
Secure Alternatives
- SFTP (SSH File Transfer Protocol) — Runs over SSH (port 22). Encrypted and authenticated. The recommended replacement for FTP.
- FTPS (FTP Secure) — FTP with TLS/SSL encryption. Two modes: Explicit (STARTTLS) and Implicit (port 990).
Popular FTP/SFTP Clients
- FileZilla (free, cross-platform)
- WinSCP (Windows, SFTP/SCP focus)
- Cyberduck (macOS/Windows)