Welcome to the Treehouse Community
Looking to learn something new?
Frederick Bogdanoff15,336 Points
What's the story on FTP?
Hey guys! I've got a couple questions.
I'm currently working on an ecommerce website using WordPress with WooCommerce And it's pretty much ready for production.
I've uploaded the website using FTP, but the website isn't done yet, so I haven't set up any sensitive information like credit card information. My main question is if it's safe to add that sensitive information through the WordPress admin? being that my website was uploaded to the server with FTP. Or does it only apply to whenever I upload or update files through FTP that I'm at risk?
And if it is risky, do i need to delete everything and re-upload everything using a more secure way?.. And is FTP something that I should completely stay away from? Or is there things I could do to secure my information while still using FTP?.. I'm kind of nervous about all of this.
Not really sure if this question applies to security, databases or wordpress. So I'm posting this in security because i think that makes the most sense? Thanks in advance.
Jennifer NordellTreehouse Teacher
Hi there! The risk here really is that someone could potentially be snooping on your internet traffic over FTP when you make the connection. It doesn't alter your files in any way. But someone could be watching your traffic, including but not limited to, your authentication to the server. They could, in that way, get your login information which would allow them the same admin access that you have to that site.
You definitely should not stay away from FTP as it is the method to upload your files to your site. That being said, there are now a couple of different variations on the original FTP protocol that better secure your connection so that this sort of thing can't really happen.
There are some differences between the two and I found a fairly good article explaining the non-secure version and the two more secure versions. Take a look at this article
Hope this helps!