SFTP
Secure File Transfer Protocol configuration and management for WordPress file access
SFTP Management
Securely manage your WordPress files using SFTP (SSH File Transfer Protocol). Learn to configure secure connections, manage file permissions, and transfer files safely.
SFTP Overview
What is SFTP?
SFTP (SSH File Transfer Protocol) is a secure method for transferring files between computers. Unlike FTP, SFTP encrypts all data transfers and provides secure authentication using SSH keys or passwords.
Benefits of SFTP
- Encrypted Transfer: All data is encrypted during transfer
- Secure Authentication: Uses SSH keys or secure passwords
- File Permissions: Maintains proper file permissions
- Directory Navigation: Full directory structure access
- Remote Commands: Execute commands on remote server
SFTP Client Setup
Recommended SFTP Clients
FileZilla (Cross-platform)
# Download and install FileZilla
# Ubuntu/Debian
sudo apt-get install filezilla
# macOS
brew install filezilla
# Windows: Download from filezilla-project.orgCyberduck (macOS/Windows)
# macOS
brew install cyberduck
# Windows: Download from cyberduck.ioWinSCP (Windows)
# Download from winscp.netConnection Configuration
Basic Connection Setup
- Open SFTP Client
- Create New Site/Profile
- Enter Connection Details:
- Host: Your domain or server IP
- Port: 22 (default SSH port)
- Protocol: SFTP
- Username: Your SFTP username
- Password: Your SFTP password (or use key file)
Advanced Connection Settings
{
"connection_name": "WordPress Site",
"host": "yourdomain.com",
"port": 22,
"protocol": "SFTP",
"username": "your_sftp_user",
"password": "your_secure_password",
"remote_path": "/public_html",
"local_path": "/local/wordpress/backup",
"keep_alive": 30,
"timeout": 60,
"compression": true
}SSH Key Authentication
Generate SSH Key Pair
Linux/macOS
# Generate RSA key pair
ssh-keygen -t rsa -b 4096 -C "your-email@example.com"
# Generate Ed25519 key pair (more secure)
ssh-keygen -t ed25519 -C "your-email@example.com"
# Save to custom location
ssh-keygen -t rsa -b 4096 -f ~/.ssh/wordpress_key -C "wordpress-sftp"Windows (PowerShell)
# Generate RSA key pair
ssh-keygen -t rsa -b 4096 -C "your-email@example.com"
# Generate Ed25519 key pair
ssh-keygen -t ed25519 -C "your-email@example.com"Install Public Key on Server
Method 1: Using ssh-copy-id
# Copy public key to server
ssh-copy-id -i ~/.ssh/wordpress_key.pub user@yourdomain.com
# Or specify port if not default
ssh-copy-id -i ~/.ssh/wordpress_key.pub -p 2222 user@yourdomain.comMethod 2: Manual Installation
# Connect to server via SSH
ssh user@yourdomain.com
# Create .ssh directory if it doesn't exist
mkdir -p ~/.ssh
chmod 700 ~/.ssh
# Add public key to authorized_keys
echo "your-public-key-here" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
# Verify key installation
cat ~/.ssh/authorized_keysSSH Config File
Client Configuration (~/.ssh/config)
# WordPress SFTP configuration
Host wordpress-site
HostName yourdomain.com
User your_sftp_user
Port 22
IdentityFile ~/.ssh/wordpress_key
IdentitiesOnly yes
ServerAliveInterval 60
ServerAliveCountMax 10
# Staging environment
Host wordpress-staging
HostName staging.yourdomain.com
User staging_user
Port 22
IdentityFile ~/.ssh/staging_key
IdentitiesOnly yesFile Permissions Management
Understanding WordPress Permissions
Recommended File Permissions
# WordPress files and directories
find /path/to/wordpress -type f -exec chmod 644 {} \;
find /path/to/wordpress -type d -exec chmod 755 {} \;
# wp-config.php (more restrictive)
chmod 600 /path/to/wordpress/wp-config.php
# .htaccess (if using Apache)
chmod 644 /path/to/wordpress/.htaccess
# wp-content/uploads (allows file uploads)
chmod 755 /path/to/wordpress/wp-content/uploadsOwnership Settings
# Set correct ownership
chown -R www-data:www-data /path/to/wordpress
# For shared hosting
chown -R youruser:youruser /path/to/wordpress
chown -R www-data:youruser /path/to/wordpress/wp-content/uploadsPermission Troubleshooting
Common Permission Issues
# Check current permissions
ls -la /path/to/wordpress/
# Find files with wrong permissions
find /path/to/wordpress -type f -not -perm 644
find /path/to/wordpress -type d -not -perm 755
# Fix permissions recursively
find /path/to/wordpress -type f -exec chmod 644 {} \;
find /path/to/wordpress -type d -exec chmod 755 {} \;WordPress-Specific Permissions
# Allow WordPress to update itself
chmod 755 /path/to/wordpress/wp-content
chmod 755 /path/to/wordpress/wp-content/themes
chmod 755 /path/to/wordpress/wp-content/plugins
# Secure sensitive files
chmod 600 /path/to/wordpress/wp-config.php
chmod 600 /path/to/wordpress/.htaccess
chmod 600 /path/to/wordpress/wp-content/debug.logFile Transfer Operations
Upload Files
Single File Upload
# Using SFTP command line
sftp user@yourdomain.com
cd /public_html/wp-content/themes
put local-theme.zip
exit
# Using SCP
scp local-theme.zip user@yourdomain.com:/public_html/wp-content/themes/Directory Upload
# Upload entire directory
scp -r /local/themes/my-theme user@yourdomain.com:/public_html/wp-content/themes/
# Using rsync for large transfers
rsync -avz /local/themes/my-theme user@yourdomain.com:/public_html/wp-content/themes/Download Files
Backup Download
# Download entire WordPress site
scp -r user@yourdomain.com:/public_html/* /local/backup/
# Download specific directories
scp -r user@yourdomain.com:/public_html/wp-content/uploads /local/backup/
# Download database backup
scp user@yourdomain.com:/home/user/database-backup.sql /local/backups/Selective Download
# Download theme files only
scp -r user@yourdomain.com:/public_html/wp-content/themes/my-theme /local/themes/
# Download plugin files
scp -r user@yourdomain.com:/public_html/wp-content/plugins/my-plugin /local/plugins/Remote File Management
Directory Operations
Create Directories
# Create new theme directory
sftp user@yourdomain.com
mkdir /public_html/wp-content/themes/new-theme
ls -la /public_html/wp-content/themes/
exit
# Create backup directory
mkdir -p /local/backups/$(date +%Y-%m-%d)List and Navigate
# Connect and navigate
sftp user@yourdomain.com
ls -la /public_html
cd wp-content/themes
ls -la
pwdFile Operations
Edit Files Remotely
# Edit files using SFTP client
# Or download, edit locally, then upload
# Download file for editing
get /public_html/wp-config.php /local/wp-config.php
# Edit locally, then upload
put /local/wp-config.php /public_html/wp-config.phpDelete Files and Directories
# Remove single file
rm /public_html/wp-content/cache/old-cache-file.php
# Remove directory recursively
rm -rf /public_html/wp-content/themes/old-theme
# Remove multiple files
rm /public_html/wp-content/uploads/2020/01/*.jpgSecurity Best Practices
Connection Security
Use Strong Authentication
# Generate strong SSH key
ssh-keygen -t ed25519 -b 4096 -f ~/.ssh/wordpress_key -C "wordpress-sftp-$(date +%Y%m%d)"
# Use passphrase for additional security
ssh-keygen -t rsa -b 4096 -f ~/.ssh/secure_key -N "strong-passphrase"Disable Password Authentication
# Edit SSH server configuration
sudo nano /etc/ssh/sshd_config
# Disable password authentication
PasswordAuthentication no
ChallengeResponseAuthentication no
# Restart SSH service
sudo systemctl restart sshdAccess Control
Restrict User Access
# Create SFTP-only user
sudo useradd -m -s /bin/false sftpuser
sudo passwd sftpuser
# Configure SSH for SFTP-only access
sudo nano /etc/ssh/sshd_config
# Add SFTP user configuration
Match User sftpuser
ChrootDirectory /home/sftpuser
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding noIP-Based Restrictions
# Restrict SSH access to specific IPs
sudo nano /etc/hosts.allow
# Allow specific IPs
sshd: 192.168.1.100
sshd: 10.0.0.0/8
sudo nano /etc/hosts.deny
# Deny all other connections
sshd: ALLPerformance Optimization
Transfer Optimization
Compression Settings
# Enable compression in SSH config
nano ~/.ssh/config
Host wordpress-site
Compression yes
CompressionLevel 9Parallel Transfers
# Use multiple connections for large transfers
# Using lftp for parallel transfers
lftp -c "open sftp://user@yourdomain.com; mirror --parallel=5 /remote/path /local/path"Connection Optimization
Keep Alive Settings
# Configure SSH keep alive
nano ~/.ssh/config
Host wordpress-site
ServerAliveInterval 60
ServerAliveCountMax 10
TCPKeepAlive yesBandwidth Limiting
# Limit transfer speed
scp -l 1000 large-file.zip user@yourdomain.com:/destination/
# Using rsync with bandwidth limit
rsync --bwlimit=1000 /local/file user@yourdomain.com:/remote/fileTroubleshooting SFTP Issues
Connection Problems
Common Connection Issues
# Test SSH connection
ssh -T user@yourdomain.com
# Test with verbose output
ssh -vvv user@yourdomain.com
# Test specific port
ssh -p 2222 user@yourdomain.com
# Test SFTP specifically
sftp -oPort=22 user@yourdomain.comFirewall Issues
# Check if port 22 is open
telnet yourdomain.com 22
# Test from different network
ssh -T user@yourdomain.com
# Check server firewall
sudo ufw status
sudo iptables -LAuthentication Issues
Key Authentication Problems
# Verify key permissions
ls -la ~/.ssh/
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
# Test key authentication
ssh -i ~/.ssh/id_rsa -T user@yourdomain.com
# Check server authorized_keys
ssh user@yourdomain.com "cat ~/.ssh/authorized_keys"Password Authentication Issues
# Test password authentication
ssh user@yourdomain.com
# Check SSH server configuration
sudo nano /etc/ssh/sshd_config
# Ensure PasswordAuthentication yes
# Restart SSH service
sudo systemctl restart sshdFile Transfer Issues
Permission Denied
# Check file permissions
ls -la /remote/directory/
# Check ownership
ls -ld /remote/directory/
# Fix permissions
chmod 755 /remote/directory/
chown user:user /remote/directory/Transfer Speed Issues
# Test connection speed
scp -v large-file.zip user@yourdomain.com:/tmp/
# Check network configuration
ping yourdomain.com
traceroute yourdomain.com
# Test with different cipher
ssh -c aes128-gcm@openssh.com user@yourdomain.comAdvanced SFTP Features
SFTP Server Configuration
Custom SSH Port
# Change SSH port
sudo nano /etc/ssh/sshd_config
Port 2222
# Update firewall
sudo ufw allow 2222/tcp
# Restart SSH
sudo systemctl restart sshd
# Update client configuration
nano ~/.ssh/config
Host wordpress-site
Port 2222SFTP Chroot Jail
# Create chroot directory
sudo mkdir -p /home/sftp-user/chroot
sudo chown root:root /home/sftp-user/chroot
sudo chmod 755 /home/sftp-user/chroot
# Configure SSH for chroot
sudo nano /etc/ssh/sshd_config
Match User sftp-user
ChrootDirectory /home/sftp-user/chroot
ForceCommand internal-sftp
AllowTcpForwarding no
X11Forwarding noAutomation Scripts
Automated Backup Script
#!/bin/bash
# Automated SFTP backup script
# Configuration
REMOTE_HOST="yourdomain.com"
REMOTE_USER="backup-user"
REMOTE_PATH="/home/backup-user/backups"
LOCAL_PATH="/local/backups"
DATE=$(date +%Y%m%d_%H%M%S)
# Create backup
tar -czf ${LOCAL_PATH}/wordpress_backup_${DATE}.tar.gz /path/to/wordpress
# Upload via SFTP
sftp ${REMOTE_USER}@${REMOTE_HOST} << EOF
cd ${REMOTE_PATH}
put ${LOCAL_PATH}/wordpress_backup_${DATE}.tar.gz
ls -la
exit
EOF
# Cleanup old backups
find ${LOCAL_PATH} -name "wordpress_backup_*.tar.gz" -mtime +7 -delete
echo "Backup completed: wordpress_backup_${DATE}.tar.gz"Scheduled Sync Script
#!/bin/bash
# Scheduled file synchronization
SOURCE_DIR="/local/wordpress/wp-content/uploads"
REMOTE_HOST="yourdomain.com"
REMOTE_USER="sync-user"
REMOTE_DIR="/public_html/wp-content/uploads"
# Sync files
rsync -avz --delete \
--exclude='cache/' \
--exclude='*.log' \
-e "ssh -i ~/.ssh/sync_key" \
${SOURCE_DIR}/ \
${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_DIR}/
# Log sync result
echo "$(date): Sync completed" >> /var/log/wp-sync.logIntegration with Development Workflow
Git Deployment
Git-based Deployment
# Clone repository on server
ssh user@yourdomain.com
cd /public_html
git clone https://github.com/yourusername/your-theme.git wp-content/themes/your-theme
# Or update existing repository
cd wp-content/themes/your-theme
git pull origin mainAutomated Git Deployment
#!/bin/bash
# Git deployment script
REMOTE_HOST="yourdomain.com"
REMOTE_USER="deploy-user"
REMOTE_PATH="/public_html"
LOCAL_REPO="/local/wordpress-repo"
# Push changes to remote
cd ${LOCAL_REPO}
git push production main
# SSH to server and update
ssh ${REMOTE_USER}@${REMOTE_HOST} << EOF
cd ${REMOTE_PATH}
git pull origin main
# Run any post-deployment tasks
wp cache flush
wp plugin update --all
EOF
echo "Deployment completed successfully"Monitoring and Logging
SFTP Activity Logging
SSH Logging
# Enable SSH logging
sudo nano /etc/ssh/sshd_config
# Enable logging
LogLevel VERBOSE
SyslogFacility AUTH
# Restart SSH
sudo systemctl restart sshd
# Monitor logs
tail -f /var/log/auth.logCustom Logging
# Create custom SFTP log script
nano /usr/local/bin/sftp-logger.sh
#!/bin/bash
LOG_FILE="/var/log/sftp-activity.log"
TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')
USER=$USER
COMMAND=$SSH_ORIGINAL_COMMAND
IP=$SSH_CLIENT
echo "${TIMESTAMP} - User: ${USER}, IP: ${IP}, Command: ${COMMAND}" >> ${LOG_FILE}Connection Monitoring
Real-time Monitoring
# Monitor active SFTP connections
watch -n 5 'ps aux | grep sftp'
# Monitor SSH connections
netstat -tnpa | grep :22
# Monitor disk usage
df -h /homeAlert System
# Create alert for failed connections
nano /usr/local/bin/sftp-monitor.sh
#!/bin/bash
FAILED_LOGINS=$(grep "Failed password" /var/log/auth.log | wc -l)
if [ $FAILED_LOGINS -gt 5 ]; then
echo "Alert: High number of failed SFTP logins detected" | mail -s "SFTP Security Alert" admin@yourdomain.com
fiBest Practices
Security Best Practices
- Use SSH Keys: Avoid password authentication
- Strong Keys: Use Ed25519 or RSA 4096-bit keys
- Key Management: Regularly rotate SSH keys
- Access Control: Limit user access to necessary directories
- Monitor Activity: Log and monitor SFTP activity
Performance Best Practices
- Compression: Enable SSH compression
- Connection Reuse: Use connection multiplexing
- Parallel Transfers: Use multiple connections for large files
- Bandwidth Limiting: Prevent network saturation
- Caching: Cache frequently accessed files
Operational Best Practices
- Regular Backups: Backup files before major changes
- Version Control: Use Git for file versioning
- Documentation: Document file structures and permissions
- Testing: Test file operations in staging environment
- Monitoring: Monitor transfer speeds and success rates
Secure and efficient WordPress file management with SFTP.