Summary: Transferring files to and from your host has potential vulnerabilities. You can avoid issues by maintaining good secure file transfer habits.
Use SFTP not FTP
Here’s why: FTP is not secure because your data files, username, and password are transmitted over the Internet as plain text with NO encryption.
This presents a significant security risk!
SFTP on the other hand stands for “Secure File Transfer Protocol”. SFTP ensures your data files, username, and password are securely transferred using a private and safe data stream. This secure transfer occurs both, as you are transfer files to and from your host server.
Depending on your hosts requirements you may need 5 pieces of information to access your website using SFTP:
1. Your host’s server FTP address or servers IP address.
2. Your FTP user name (your hosting account user name)
3. Your FTP password (your hosting account password)
4. Your SFTP Port number. You will need to contact your hosting service technical support to obtain the SFTP Port number.
5. SSH keys
Contact your host and ask for instructions on how to set up an SFTP connection. Once setup you will have secure access to the your WordPress files on your host server.