Using Traditional FTP

Before reading this, please see Uploading Content To Your Web Site.

For security reasons, Birdhouse strongly recommends using SFTP (Secure FTP), rather than FTP, to transfer files into your account. However, SFTP only works for transferring files into the master account. There are times when this is inappropriate. For example:

  • You may have employees responsible for updating just one section of your site, and you don’t want to share the master account password with them.
  • You may want to provide a drop-space into which a 3rd party can upload content or feeds that become part of your site – it would not be appropriate to share your master account password with a 3rd party.
  • You may want to provide a semi-secret drop box into which public users can place content.

Traditional FTP lets you create multiple FTP accounts separate from the master account, each pointing to a specific directory location (thus preventing FTP users from “surfing” around to see other files on the system).

It is possible to use traditional FTP to connect with the master account’s username and password. We recommend strongly against doing this — that’s what SFTP is for.

To create separate FTP accounts with their own passwords, log into cPanel and click Site Management Tools | FTP Manager, then “FTP Accounts.” Click “Add FTP Account.” Enter a login name, password, and disk quota for the new FTP user.

If you enter a single / in the directory box, the new FTP user will have access to the entire public_html directory and all directories under it. If you just want the new user to be able to access a specific folder, type the path to that folder, e.g. “/bongo” (the “bongo” directory may or may not already exist).

Important: FTP users should be instructed to connect as username@domain.com, where username is the name of the FTP account you just created. In other words, traditional FTP accounts on Birdhouse get usernames that look like email addresses — this is not optional.

Once connected, transferring files is generally a simple drag-and-drop affair from the user’s desktop or file manager onto the server.

Note: If your traditional FTP client has trouble showing a directory listing once connected, disconnect it and set the connection type to passive mode.

Security and FTP: FTP/TLS

Here’s the dilemma: SFTP transmissions are encrypted, and thus secure. However, only one SFTP account is allowed per master account (that’s the nature of Unix). You can have lots of FTP accounts associated with a single master account, and thus more granular access, but FTP is unencrypted and therefore not considered secure.

There is a middle-ground option, however: create FTP accounts as usual, then instruct users to connect with “FTP/TLS.” This will let them connect to a traditional FTP account securely. Users must use an FTP client that supports FTP/TLS. Many modern clients do, including Cyberduck for Mac.

Optional: To prevent users from being greeted by mysterious SSL certificate notices, have them connect to server gong.birdhouse.org rather than to your usual domain.
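For scripted uploads (for example, a 3rd party pushing a feed into a drop-space), the same FTP/TLS connection can be made with Python's standard ftplib. This is an added example, not Birdhouse's own code; the account name, domain, file names, and the use of port 21 with explicit TLS are assumptions.

```python
import getpass
import ssl
import sys
from ftplib import FTP_TLS

# Host the page suggests so the certificate matches the name you connect to.
SERVER = "gong.birdhouse.org"


def login_name(account: str, domain: str) -> str:
    """Build the username@domain.com login that traditional FTP accounts use."""
    if not account or not domain or "@" in account or "@" in domain:
        raise ValueError("expected a bare account name and a bare domain")
    return f"{account}@{domain}"


def tls_context() -> ssl.SSLContext:
    """TLS settings that verify the server certificate and its hostname."""
    return ssl.create_default_context()


def upload(account, domain, password, local_path, remote_name, host=SERVER):
    """Upload one file over FTP/TLS; fails rather than falling back to plain FTP."""
    ftps = FTP_TLS(context=tls_context(), timeout=30)
    ftps.connect(host, 21)  # assumption: explicit FTP/TLS on the standard port
    try:
        ftps.auth()  # upgrade the control channel to TLS before any password is sent
        ftps.login(login_name(account, domain), password)
        ftps.prot_p()  # encrypt the data channel too (file contents, listings)
        ftps.set_pasv(True)  # passive mode, as the note on directory listings advises
        with open(local_path, "rb") as fh:
            return ftps.storbinary(f"STOR {remote_name}", fh)
    finally:
        ftps.close()


if __name__ == "__main__":
    # Hypothetical usage: python upload.py feeds example.com feed.xml
    acct, dom, path = sys.argv[1:4]
    print(upload(acct, dom, getpass.getpass("FTP password: "), path, path))
```

If the certificate does not match the host name, auth() raises an ssl.SSLCertVerificationError and no credentials are transmitted.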
