When it comes to keeping your site files safe, changing FTP password plays a crucial role. You may be just setting up these credentials or doing routine checks. It could also just be that an employee has left and you need to change those credentials to avoid unauthorized access. Changing all passwords is also an important step to take if you’re dealing with a security breach.
As a side note, if you’re worried that you’ve been hacked, scan your website now.
Whatever your reason for changing your FTP credentials, it is an important but easy process. In this article, we will dive into different methods and offer some tips on password security.
TL;DR: Changing FTP credentials is crucial for data security. The easiest way is through cPanel, but if you don’t have it, you can change the password using your web host account. If you are familiar with the command line, it’s another easy way to change your FTP password.
You will see FTP or SFTP bandied about quite a bit when speaking of WordPress sites. FTP can be used to install plugins and themes or upload media files reliably onto your site server. FTP can also be used to access core files, like the .htaccess or wp-config.php file, to make changes. The long and short of it is that FTP is hugely useful because it gives you easy access to your site files. And for this very reason, it must be secured.
Having said that, not everyone needs or uses FTP regularly. In some cases, admins only become aware of FTP when they have a specific task, and FTP is listed as a means to accomplish it. Therefore admins often need to set their credentials for FTP access to their sites.
To reset lost or forgotten FTP credentials, you need to have access to your web host dashboard or cPanel. If you have them but need to change them, then the command line method will also work.
1. Change FTP password using a web host
Your web host dashboard should be the first port of call when resetting your FTP password.
For Cloudways users, this process is made straightforward through a user-friendly interface. In this guide, we will walk you through the step-by-step process of changing or setting up FTP credentials on Cloudways, ensuring you have full control over your website’s access and data.
However, it’s important to note that the steps outlined here are specific to Cloudways’ hosting environment. Depending on your hosting provider or server setup, the process of managing FTP credentials will vary. Consult your hosting provider’s documentation or support team for specific instructions tailored to their platform.
Go to the Cloudways website and log in to your account.
Once logged in, click on the Applications tab at the top of the page.
Select the correct application for which you want to change the FTP credentials.
On the right side, you’ll find the Application Credentials section. These are your FTP credentials.
Click the pencil icon next to the password. This will open a popup box that allows you to edit the credentials.
Add your new FTP credentials, including the username and password, in the provided fields.
Click Submit to save the changes.
To ensure the password change was successful, test the new FTP credentials using an FTP client like Cyberduck or FileZilla.
Note: If this is your first time setting up the FTP credentials, you can use the same process to set them up.
2. Change FTP password on cPanel
Hosting control panels like cPanel and Plesk offer user-friendly interfaces that simplify the process of modifying FTP credentials, granting website owners greater authority over their data.
In this section, we present a step-by-step guide to changing FTP credentials using cPanel, one of the most widely used hosting control panels.
Log in to your cPanel account using your username and password.
In the Files section of cPanel, locate and click on FTP Accounts.
To create a new FTP account, provide a new username (in the login field) and a strong password. Then, click on the Create FTP Account button.
To change FTP password of an existing account, find the desired account in the list and scroll to the right. Click on Change Password next to the respective account.
In the provided fields, enter your new password for the FTP account and click on Change password to save the changes.
To ensure that the password change was successful and the new credentials work, you can test the updated FTP login by using an FTP client like Cyberduck.
Please note that the process for changing FTP credentials on other hosting control panel software, such as Plesk, will be similar.
3. Change FTP password using the command line
In this section, we will explore the step-by-step process of changing your FTP password using the command line. All that’s required is a computer with a command line interface and the FTP login credentials. For this tutorial, we’ve used the macOS terminal.
You’re going to need to install WP-CLI. Be warned, this process can be quite time-consuming, if your computer doesn’t have the prerequisites already installed. We needed to set up Homebrew and then PHP to get WP-CLI to work.
Open up Terminal.
Enter the following command and replace “yourdomain.com” with the actual domain or IP address of your FTP server.
When prompted, type in your FTP username and current password to log in to the FTP server.
After successfully logging in, use the following command to change your FTP password.
You will be asked to enter your current password. Provide your current password and press Enter.
Next, you will be prompted to enter a new password. Type in your desired new password. Note that the password characters will not be visible as you type.
Confirm your new password by entering it again when prompted.
If the password change is successful, you will receive a confirmation message. Otherwise, you may be prompted to retry or encounter an error message indicating the issue.
Type quit and press Enter to exit the FTP session.
Pro Tip: If you use Filezilla’s site manager, you will also need to add the new credentials for your FTP client to work as normal.
Best practices for password security
Password security is the best way to prevent brute force login attacks from penetrating your site. While it can seem very difficult to remember several 16-characters strings of random characters and numbers, we have listed a few ways to gain that advantage without the immense strain it usually requires.
Create new FTP accounts for temporary employees: To maintain a high level of WordPress security, avoid sharing your own FTP credentials with temporary employees or third parties. Instead, create separate FTP accounts with limited access for each individual who requires temporary access. On Bluehost, go to the cPanel and find FTP accounts in the Files section. Add new credentials that have custom privileges. This ensures that you can revoke access easily once their tasks are completed, without compromising your primary account.
Use a password manager: Employing a reliable password manager can be a game-changer in your quest for enhanced security. A password manager generates and stores strong, unique passwords for all your accounts, ensuring you don’t have to rely on memory or reuse passwords. With this tool, you can maintain a vast array of complex passwords without the risk of forgetting or compromising them.
Never use the same password twice: Refrain from using the same password across multiple accounts, as this practice poses a significant security risk. If one account gets compromised, it can potentially lead to unauthorized access to all your other accounts. Utilizing unique passwords for each account creates an additional layer of defense against potential data breaches.
Never share passwords: Sharing passwords, even with close friends or colleagues, can expose your accounts to unforeseen vulnerabilities. Use a password manager to provide your passwords to only those individuals with legitimate access needs.
Avoid saving passwords in web browsers: While web browsers offer the convenience of saving passwords, doing so may compromise security. If your device gets compromised or stolen, unauthorized users could easily access your accounts. Instead, rely on password managers for secure storage and retrieval of your credentials.
Use a WordPress security plugin for added protection: When managing your website, consider using a security plugin like MalCare. MalCare actively protects your site from future hacks, monitors potential threats, and provides real-time security alerts. Even if your password has been compromised, MalCare prevents brute force bots from breaking into your site. By proactively mitigating risks, you enhance your website’s resilience against potential attacks.
While changing your FTP password, encountering issues can be frustrating. In this section, we’ll explore common troubleshooting steps to help you.
If you’re unable to use either a web host or cPanel, try the following:
Verify correct login credentials: The first and most crucial step is to ensure that you’re using the correct username and password combination. Double-check that you’ve entered the accurate login credentials for cPanel or your web host control panel. Keep in mind that FTP accounts might have separate credentials, so make sure to use the correct ones associated with your FTP access.
Reset cPanel or web host credentials: If you’ve verified your login details and still can’t access cPanel or the web host control panel, consider resetting your password. The process of resetting the password may vary depending on whether it’s for your web host or cPanel account. Refer to the respective platforms for their password reset procedures.
If the password isn’t getting changed, try all the following steps:
Check account permissions: Ensure that your FTP account has the necessary permissions to modify FTP settings. Sometimes, restricted account permissions can prevent password changes. If you’re uncertain about your account’s privileges, contact your web host or administrator for clarification and assistance.
Temporary technical issues: Occasionally, web hosting servers or control panels may encounter temporary technical difficulties that can impact password changes. In such cases, it’s best to exercise patience and wait for a while before attempting to change the password again. Often, the issue resolves itself once the temporary technical glitch is resolved.
If you can’t access your FTP client to test your credentials:
Verify server, username, and password: Double-check that you have entered the correct server details, username, and password in your FTP client. For instance, ensure that the server’s public IP address matches the one specified in your FTP client settings. Different hosting providers might have variations in server addresses, so it’s crucial to use the right information specific to your host.
Check the correct protocol FTP or SFTP: Depending on your hosting environment, you may need to use either FTP (File Transfer Protocol) or SFTP (Secure File Transfer Protocol) to establish the connection. It’s essential to understand the difference between the two protocols, as they require distinct configurations, including IP addresses and port numbers. Verify with your web host which protocol they support and use the corresponding settings in your FTP client.
FTP: Usually operates on Port 21.
SFTP: Utilizes SSH (Secure Shell) to establish a secure connection and typically operates on Port 22.
Contact web host support: If the steps above don’t resolve the issue, it’s time to seek support from your web host. Get in touch with their customer support team and describe the problem you’re facing with changing your FTP password. They can offer specific troubleshooting steps or make any necessary adjustments on their end to help you overcome the issue.
In conclusion, the easiest way to change FTP password is via your web host. Your web host provides a variety of ways to access your site’s server, be it the dashboard or a control panel software like cPanel. Either way, those are the first places to go when resetting FTP credentials.
Furthermore, it’s essential to recognize the significance of FTP credentials as the gateway to your website files and content. By safeguarding and periodically changing these credentials, you can bolster your site’s security and protect it from potential threats.
However, it’s crucial to understand that changing FTP credentials alone may not provide comprehensive protection against all forms of cyberattacks. To fortify your website’s security measures further, consider using additional security tools like MalCare. MalCare is a powerful WordPress security plugin that has a reliable malware scanner, easy malware removal, and an excellent firewall. All of this can help keep your website safe in ways that even the best password security can’t.
What are the default FTP credentials?
The default FTP credentials typically vary depending on the hosting provider and the server configuration. In many cases, shared hosting providers will provide you with FTP login details upon creating your hosting account. Some, like Cloudways, require you to create an FTP account for applications. However, there is no universal set of default FTP credentials, as it can be customized by the hosting company or server administrator.
How to find FTP credentials?
This process will depend on the web host on type of hosing that you use. To find your FTP credentials on Bluehost’s shared hosting, you can follow these steps:
Log in to your hosting control panel (e.g. cPanel).
Navigate to the “FTP Accounts” section.
Look for existing FTP accounts or create a new one if necessary.
The FTP credentials will usually consist of a username and password associated with the FTP account.
What are FTP login credentials?
FTP login credentials refer to the information required to access a server via File Transfer Protocol or FTP. It typically includes a username, password, the server IP address or domain name, and sometimes a port number. These credentials are used by FTP clients to establish a secure connection and manage files on the server.
Why is WordPress asking for FTP credentials when installing a plugin?
In some cases, when installing a plugin or performing updates on a WordPress site, the platform may ask for FTP credentials. This can occur if WordPress doesn’t have sufficient permissions to modify or add files directly on the server. By providing FTP credentials, WordPress can use them to authenticate and make the necessary changes to your site’s files securely. This is often encountered in shared hosting environments where server settings restrict direct file modification by the web server process.