When transferring files to a server via FTP, users sometimes wonder which protocol and port to choose for a secure connection.

In this short guide, we’ll describe the differences between the protocols and explain how to connect to FTP on Smarthost servers using popular FTP clients.

The original FTP (File Transfer Protocol) was designed to allow users to browse directories and transfer files between computer systems. The FTP protocol has no security, and all information—including usernames, passwords, and file data—is transmitted unencrypted. Anyone on the same network can easily inspect the data being transferred between computers.

The connection methods with SSL/TLS encryption supported on our hosting are the FTPS (also known as FTPES) and SFTP protocols.

Encrypted FTPS connection – not supported

A so-called Implicit FTPS connection works very similarly to HTTPS on websites, establishing a secure connection using the TLS/SSL protocol before the FTP session begins. This protocol uses port 990, which is blocked on most hosting services (including Smarthost). Instead, secure FTP connections are enabled through port 21 using the newer FTPES protocol.

Encrypted FTPES connection – recommended

The explicit FTPES protocol works a bit differently. It uses newer FTP commands to upgrade an unencrypted FTP connection to a secure one during the initial authentication stage. The FTPES protocol is a little more firewall-friendly than FTPS and allows the server and client to negotiate different levels of encryption and integrity protection on the control and data channels.

This protocol is widely used on many hosting services and is also supported by Smarthost.

Encrypted FTP (with TLS/SSL) is often referred to as:

• FTPES
• explicit FTPES
• FTP connection with explicit TLS/SSL encryption

Encrypted SFTP connection

Another method for establishing secure connections and exchanging files is the SSH File Transfer Protocol (SFTP), but despite the similar names, SFTP is a completely different protocol than the well-known FTP.

SFTP is an extension of the Linux terminal connection protocol (SSH), so an SFTP connection requires SSH access to be enabled on the hosting account, which is available for all types of accounts at Smarthost.

A limitation associated with the SFTP protocol is that it requires a connection where the login is a physical account on the server. Therefore, with cPanel software, there can only be one such account per hosting account. In the case of the previously described protocols like FTP or FTPES, you can create an unlimited number of “virtual” FTP accounts that point to any folder within the hosting account.

Examples of encrypted FTP connection configurations

In our case, to connect via FTP using an encrypted SSL/TLS connection, we will use the FTPES protocol connecting through the standard port 21.

You need to create an FTP account through cPanel or use an existing primary account. After that, you can proceed to your FTP client program to connect.

Once you have an FTP account, you can check the connection details in cPanel by clicking on “Configure FTP Client.” This will display all the necessary connection information that you can easily copy and paste into your program

We’ll demonstrate the connection process using two very popular programs: Filezilla and WinSCP.

Configuring an encrypted FTP connection using FileZilla.

Let’s start with the Filezilla program. Fill in the fields as shown in the screenshot below, using the data displayed earlier (you can leave the port blank; by default, port 21 will be used).

Next, we can click “Quickconnect,” and the program will start connecting via FTPES, as this is the default connection mode.

You will then need to accept a window with a warning about an unknown certificate. This message appears because you are connecting through the client’s domain name instead of the server’s name. After you accept it, the connection will be secured by this certificate.

After accepting the certificate, the connection should be established automatically. The status window should show messages indicating a successful connection, as displayed below.

From now on, we can transfer files and folders via FTP using a secure connection.

Configuring an encrypted FTP connection using WinSCP.

In this case, you should create a “New Session” and fill in the details as shown in the screenshot below.

Upon clicking “Login,” a similar certificate acceptance window appears, just as with Filezilla. You need to accept the certificate.

The connection will then be established, and the directories and files will be displayed on the program screen.

To summarize

When connecting with Filezilla, the default connection will already use SSL/TLS encryption and port 21. So, after entering your details and accepting the certificate, the connection will be immediately secure.

In the WinSCP program, however, you need to select the correct option from the list because both unencrypted and encrypted connections are possible (both work on port 21). Therefore, you must select the appropriate option before establishing the connection.