Use SFTP on WordPress.com

Secure File Transfer Protocol is a secure FTP method to transfer files to and from your site. This guide will show you how to use SFTP on WordPress.com.

This feature is available on sites with the WordPress.com Business and Commerce plans. If you have a Business plan, make sure to activate it. For free sites and sites on the Personal and Premium plans, upgrade your plan to access this feature.

SFTP is an advanced function for those experienced in editing website files.

Most actions you can take in SFTP can be done without SFTP, including:

• Uploading images, documents, and other file types.
• Uploading themes.
• Uploading plugins.
• Moving a website to WordPress.com.
• Downloading backup files.
• Adding code to header files.

Do not edit files unless you know exactly what the change will do. Uploading unknown files or editing existing files without understanding them may lead to your site breaking and can also cause you to lose data on your site. You can test code and file changes first on a staging site.

SFTP is a method to access the files and folders on a website via a client program such as FileZilla on your local computer. SFTP stands for Secure File Transfer Protocol (or SSH File Transfer Protocol). It was designed as an extension of the SSH (Secure SHell) protocol. The “secure” part is because it is run over a secure channel, in this case, SSH.

SFTP is not a more secure version of FTP (File Transfer Protocol), even though they share similar names. While their application is similar, and both are possible via many of the same client programs, they each use very different underlying technologies.

While GitHub Deployments are generally used to deploy code updates to your site, SFTP is often used to transfer media files. SFTP is also useful for debugging issues with your site by allowing you to access the file system directly, especially if you use a staging site.

To access your site’s SFTP credentials for the first time, take the following steps:

1. Visit your Sites page: https://wordpress.com/sites/
2. Click the ⋮ next to your site and select Settings.
3. Scroll down and click SFTP/SSH.

4. Click the “Create credentials” button. This only needs to be done once and will generate the SFTP username and password for the selected site. The credentials will be used for both SFTP and SSH connections.
5. The SFTP/SSH credentials will be displayed in the following format:
   • URL address
   • Port number
   • Username
   • Password
6. Click the Copy button next to any value to copy it to your device’s clipboard.
7. Paste your credentials into your preferred SFTP client. Visit our guide to setting up and SFTP client.

Store your SFTP password in a safe place. For security reasons, we do not store your SFTP/SSH password, so if you lose or forget your password, the “Reset password” button can be used to generate a new one.

The username and password are generated by the system automatically. These are unique to your site, so if you have multiple sites, you’ll use multiple usernames and passwords, one for each site, in your SFTP client.

Under SSH, you can toggle on the “Enable SSH access to this site” option. A connection command will appear which can be copied and pasted into a terminal application: