Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

Security

Frederick Bogdanoff
Frederick Bogdanoff
15,338 Points

What's the story on FTP?

Hey guys! I've got a couple questions.

I'm currently working on an ecommerce website using WordPress with WooCommerce And it's pretty much ready for production.

I've uploaded the website using FTP, but the website isn't done yet, so I haven't set up any sensitive information like credit card information. My main question is if it's safe to add that sensitive information through the WordPress admin? being that my website was uploaded to the server with FTP. Or does it only apply to whenever I upload or update files through FTP that I'm at risk?

And if it is risky, do i need to delete everything and re-upload everything using a more secure way?.. And is FTP something that I should completely stay away from? Or is there things I could do to secure my information while still using FTP?.. I'm kind of nervous about all of this.

Not really sure if this question applies to security, databases or wordpress. So I'm posting this in security because i think that makes the most sense? Thanks in advance.

1 Answer

Jennifer Nordell
seal-mask
STAFF
.a{fill-rule:evenodd;}techdegree
Jennifer Nordell
Treehouse Teacher

Hi there! The risk here really is that someone could potentially be snooping on your internet traffic over FTP when you make the connection. It doesn't alter your files in any way. But someone could be watching your traffic, including but not limited to, your authentication to the server. They could, in that way, get your login information which would allow them the same admin access that you have to that site.

You definitely should not stay away from FTP as it is the method to upload your files to your site. That being said, there are now a couple of different variations on the original FTP protocol that better secure your connection so that this sort of thing can't really happen.

There are some differences between the two and I found a fairly good article explaining the non-secure version and the two more secure versions. Take a look at this article

Hope this helps! :sparkles: