In order for a computer network to exchange data and resources, it takes a collection of various devices such as routers, switches, and computers. That network would then need to follow a protocol, likely multiple protocols, to establish proper communication between all of those devices. FTP and SFTP are two such protocols.

What is SFTP and FTP? FTP provides a way of exchanging files over the network whereas SFTP allows for the secure access, transfer, and management of files across data stream. FTP is data is sent as a plain text while SFTP encrypts all data to being sent out.

The primary difference between FTP and SFTP is security. FTP does not provide a secure channel to transfer files between multiple devices, while SFTP does. Therefore, SFTP is more secure than FTP. However, this article will delve a little deeper into the differences between these two protocols.

HDG Explains: What Is SFTP & FTP?

To understand the differences between SFTP and FTP, you will first have to better understand what it is they both are and do. The uses vary only slightly between them yet the differences run a bit deeper than they appear at first glance.

What Is FTP?

FTP, or File Transfer Protocol, is a standard network protocol that allows files to be transferred over a network between a client (local computer) and a server. 

Prior to operating systems having graphical user interfaces (GUIs) FTP was developed to send and receive files between older text-based computers and networks. It was one of the original programs used to access information on the internet well before Hypertext Transfer Protocol (HTTP) came around. 

Today, there are three primary ways in which to use FTP: Graphical FTP Clients, Web Browser, and Command-line FTP. Each is suitable for various applications including desktops, servers, mobile devices and hardware platforms.

Graphical FTP Clients

These clients allow for files to be transferred in a drag and drop format. Filezilla is probably the most well-known free FTP client for Windows operating systems. For Mac there’s Cyberduck. 

Typically, when opening a program, you’ll enter the FTP host, your username, and a password. Some servers may have it set up so that you can enter anonymously, in which case the username and password may not be needed.

You can then drag and drop files and folders from host to server (and vice versa), and wait for the transfer to complete.

Web Browser

Using a web browser to connect to an FTP server will likely be more familiar as you can connect to the FTP address the same way you would an HTTP address. A web browser also makes it easy to browse a larger directory, read files, and retrieve them. It will also do you the service of handling some site connection details and file transfers automatically.

Although web browser FTP can seem convenient, it is often slower and less reliable than a dedicated FTP client. They also tend to have fewer features.

Command-line FTP

You may not know it but your operating system likely has built-in command-line clients. So long as your operating system is Windows, Mac, or Linux anyway. Open your operating system’s prompt (command prompt for Windows, Terminal for Mac, or console for Linux) to get started. 

Then, as an example, type in

ftp ftp.empire.gov

Now press Enter. Then, if you’re accessing your own account, use the username and password for that account. If accessing anonymously, use anonymous as your username and your email address as the password. 

At this point, you’ll want to be in the directory where the files you want to move are stored. You can enter the mput command followed by the name of the file or folder, and press Enter to trigger the transfer.

There are plenty of commands for you to learn, if willing, that can assist you in future FTP transfers. Indiana University has a few useful FTP commands to check out if interested.

What Is SFTP?

SFTP, which stands for SSH File Transfer Protocol, is a network protocol similar to FTP in that it allows for file accessing, transferring, and file management but over a secure and reliable data stream. 

Unlike FTP, it does not utilize separate command and data channels. Instead, it transfers files in specially formatted packages in a single connection. The SSH in the name stands for Secure SHell protocol, for which SFTP is an extension. This provides an added level of security when utilizing the SFTP protocol.

You can use SFTP in the same ways provided to FTP, the biggest difference being the secure connection. Filezilla and Cyberduck also offer SFTP as part of their free package which is definitely something you’ll want to take advantage of.

When connecting to an SFTP server it assumes that the connection is running over a secure channel. This removes the need for client authentication as the client user identity is made available to the protocol.

WordPress is an excellent example of a site that allows for both FTP and SFTP connections. When attempting to add a theme you’ve saved to your computer or a server, it could be necessary to transfer that theme via either FTP or SFTP. 

This is to avoid WordPress from denying certain lines of code that your theme might require during a normal transfer. This is true of other files, not just themes.

Key Difference Between SFTP & FTP

The most notable and obvious difference is in the definition. SFTP is a secure network protocol whereas FTP is not. Another would be the protocol types. FTP is a TCP/IP based protocol. SFTP is an SSH-based protocol. 

TCP/IP stands for Transmission Control Protocol/Internet Protocol. In other words, it’s the standard protocol that governs communications among all the computers on the internet.

  • FTP establishes its control connection on TCP port 21 whereas SFTP transfers files under the connection established by the SSH protocol between client and server. 
  • FTP only sends data in plain text format while SFTP encrypts all of its data prior to being sent to the host. 
  • SFTP is also an independent protocol providing host to host transfers where FTP is a more open protocol.

A while back, in order to add a bit of security to FTP, Netscape created the SSL, or Secure Sockets Layer (currently TLS, or Transport Layer Security). SSL was then applied to FTP to create FTPS. 

This allowed data to be exchanged in a secure manner using FTP via two secure variants: FTPS Implicit SSL and FTPS Explicit SSL. Both of which utilize SSL encryption.

In the end, the only key difference that most will need to worry about is that SFTP provides a secure way to transfer files from one host to another. FTP only provides a standard transmission of plain text through two channels, a command and a data channel, without encryption.