SFTP
Every MagicWP site has secure SFTP access to its files — themes, plugins,
uploads, and wp-config.php. It's password-based over SSH, so any standard SFTP
client or the sftp command works.
Find your credentials in the dashboard: your site → SFTP.
Connection details
The SFTP page shows everything you need. Copy each value from there:
| Setting | Value |
|---|---|
| Protocol | SFTP (SSH File Transfer) |
| Host | your site's domain, e.g. yourdomain.com |
| Port | 2222 |
| Username | shown on the SFTP page |
| Password | shown on the SFTP page (click the eye to reveal) |
The port is 2222, not 22
MagicWP serves SFTP on port 2222. Connecting on the default port 22 will fail — always set the port explicitly in your client or command.
Connect from the terminal
sftp -P 2222 [email protected]Replace USERNAME and the domain with your own values (the page shows a
ready-to-copy version of this command). You'll be prompted for the password
after you run it. Once connected, use ls, cd, get, and put to move files.
Connect with an SFTP client
Any SFTP client works — FileZilla, Cyberduck, WinSCP, Transmit — on Windows, macOS, or Linux. Create a new connection with:
- Protocol: SFTP / SSH File Transfer Protocol
- Host: your domain
- Port:
2222 - Logon type: Normal (username + password)
- User and Password: from the SFTP page
Save it, connect, and you'll land in your site's files.
Change your password
The dashboard always shows your current password, so there's no "forgot password" — just set a new one:
- On the SFTP page, click Change Password.
- Type a new password, or click Generate for a strong random one.
- Click Update Password.
Passwords must be 8–64 characters and include an uppercase letter, a lowercase letter, and a number. 12+ characters is recommended. The change applies immediately — update your saved client connection with the new password.
Where your files are
Once connected you'll see your WordPress install. The paths you'll use most:
| Path | Contents |
|---|---|
wp-content/themes/ | Your themes |
wp-content/plugins/ | Your plugins |
wp-content/uploads/ | Media library files |
wp-config.php | Site configuration |
Back up before editing core files
Editing WordPress core, active theme, or plugin files over SFTP can take your
site down if something breaks. Take a backup first, and avoid changing files in
wp-includes/ or a plugin's own folder unless you know what you're doing.
Security tips
- Never share your SFTP credentials.
- Use a strong password (12+ characters — mix upper/lowercase, numbers, symbols).
- Change the password immediately if you suspect it's been exposed.
- Verify the host key fingerprint the first time you connect.
- Always back up before editing files directly.