SSH and SFTP let you manage a website without sending credentials through insecure FTP. SFTP is used for file transfer, while SSH gives command-line access where enabled on the hosting product.
When to Use SFTP
Use SFTP when you need to upload, download, or edit website files from a desktop client such as FileZilla, Cyberduck, or an editor with remote file support.
SFTP is safer than plain FTP because the connection is encrypted. Avoid saving passwords in shared computers or passing credentials through chat tools.
When to Use SSH
Use SSH for command-line tasks such as checking files, running Composer, clearing application caches, inspecting logs, or testing paths. Only run commands you understand, especially commands that delete, move, or overwrite files.
Use Key-Based Access Where Possible
SSH keys are safer than reusable passwords when they are protected properly. Keep the private key on your own device, use a passphrase, and remove old keys when a developer no longer needs access.
Keep Access Scoped
- Create separate users for separate people where the platform allows it.
- Do not share one login across an agency, contractor, and site owner.
- Remove access after a migration, repair, or build is finished.
- Do not give hosting access to plugins, themes, or third-party services unless there is a clear reason.
Check Before Running Commands
Commands such as rm, mv, database imports, and recursive permission changes can break a site quickly. Before running them, check the current directory with pwd, list the files, and make sure you have a usable backup.
Useful Checks
pwdconfirms the current directory.ls -lashows files, hidden files, owners, and permissions.du -sh *helps identify large folders.tailcan read the newest lines from a log file.
Support tip: if you are asking for help, include the command you ran, the directory you ran it from, and the full error message. That is much more useful than a screenshot of a blank terminal.