NameHero allows you to have unlimited FTP users or your site. So as long as you’re not hosting something like a file storage site, you don’t have any restrictions on FTP usage. However, in today’s world, FTP should be persona-non-grata in your security apparatus. Ideally, you would avoid using FTP at all. And if you do need it, make sure that you’re very careful about what you allow. Here’s why FTP is insecure, and what you should be using instead.
FTP Is Insecure – Plain and Simple
When you enter your login details into an FTP program – either directly in the web browser, or through a dedicated software client, your credentials are sent over the Internet in plain text. That means anyone who cares to listen can access your username and password. And if you happen to use FTP over a public Internet connection like those found in airports or a Starbucks wifi, then god help you!
Needless to say, the notion of sending your credentials over plaintext and unencrypted should fill you with horror. Most websites in today’s world use HTTPS to ensure that the connection between your browser and the server is encrypted. And in any decent security system, the passwords would not be stored in plaintext either – only the hashed versions would be kept in the database.
So for usernames and passwords to not only be stored in an unsecured manner, but actually transmitted in plaintext is the security equivalent of sacrilege. You’re just asking for trouble.
Are There ANY Valid Uses of FTP?
With the existence of services like Dropbox, I really struggle to find any real reason to use FTP in today’s world. I suppose if the free tier of 2 GB in Dropbox is insufficient, you might need something else. Other services can provide more. But if you want to share say 50 GB worth of files, then maybe you’re thinking of FTP. But I would find it hard to imagine that such a use wouldn’t fall afoul of NameHero’s own limitations – namely that everything on their servers must be directly connected to web hosting. If you’re using your storage as a dump for large files, you’re already in trouble.
Then How Do You Access Your Backend?
Worst case scenario, just use the in-built file manager that comes with the NameHero cPanel backend. It’s secure, and you will be able to securely login since the connection between your browser and NameHero is encrypted. You can even enable 2-factor authentication to be extra safe.
Best Alternative – SFTP
Even though you can use the cPanel file manager, it’s not as convenient as connecting from a dedicated program on your computer. For such a situation, you should connect using SFTP instead of FTP. SFTP is nothing but SSH. Here’s a guide on how to set up SSH and SFTP. The NameHero guide referenced here uses screenshots from Filezilla. I personally recommend WinSCP for Windows users. But you can use whatever SFTP application you want. As long as you don’t use FTP!
Granted, setting up SFTP isn’t as simple as creating a username and password on cPanel and then logging in. But such is the price of security. Luckily, you only need to do this once on any given computer on which the program is installed, so it’s not something you’ll be setting up often. And in a pinch, you can always use the cPanel file manager.
In short, there are always more secure alternatives to FTP. Stay away from it!
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!
Leave a Reply