File transfer protocol (FTP) is one of the oldest ways to move files across systems. It remains part of many workflows because it is simple to use and works with large or repeated file transfers. Some organizations still use FTP to send data between departments or upload files to a website or remote server. Others keep it in place for legacy systems that are still active in their environment.
The method you use determines how files are transferred. A graphical FTP client provides a simple layout with menus and buttons that facilitate easier navigation. The command line offers more control but requires typed commands and a higher level of familiarity with the system. Knowing how each option works can help you find the best fit for your organization’s setup. Explore these different methods and learn how more secure protocols can protect your file transfers from common cybersecurity risks.
Warning: Use FTP with caution
FTP does not protect your data. It sends your username, password and files without encryption. This means anyone watching the network can see your login and what you send. It does not matter if you are on public Wi-Fi or a work connection. Everything moves in plain text. That makes it dangerous for any data that needs to stay private.
Because of this risk, most teams no longer use plain FTP. They now choose secure file transfer protocol (SFTP) that runs over a secure shell (SSH) network or file transfer protocol over SSL (FTPS). These add encryption and stronger security. Some use managed file transfer (MFT) tools instead. MFT platforms like JSCAPE by Redwood support secure protocols and help meet rules like HIPAA and PCI DSS. When security matters in your organization’s file transfer processes, do not trust outdated FTP systems.
What is an FTP client?
An FTP client is the software application that your end users directly interface with. When an FTP user enters login credentials, selects a file or issues an FTP command, that user performs these actions against an FTP client. The client then works in tandem with an FTP server to respond to those actions or execute those commands.
FTP clients can have either a graphical user interface (GUI) or a character user interface (CUI). CUI-based clients are also known as command-line clients because you interface with them by entering commands manually on the command line. Of the two, GUI-based FTP clients are much easier to use. Users can interact with GUI-based clients through graphical menus, option buttons, buttons and other graphical elements.
GUI-based FTP clients usually come in the form of standalone software applications. Examples of this type of clients include FileZilla, AnyClient and CyberDuck. Some web browsers and even some operating system file management applications like Mac’s Finder and Windows’s Explorer come with FTP client capabilities as well.
What is an FTP server?
An FTP server is a machine that lets users move files between computers using the file transfer protocol. It waits for incoming connections and responds when users log in or send commands. Port 21 is used for the control connection. That’s where commands like login or file lists are handled. Port 20 is used when data gets sent, like during file uploads or downloads. These ports are part of how FTP was first designed, and they are still used today.
The problem is that FTP does not use encryption. It sends login info and file contents as plain text. That makes it risky on open or public networks. Someone could intercept the data and read everything. To fix that, many organizations use SFTP or FTPS. These add a layer of encryption to protect the session. JSCAPE works with FTP, but it supports more secure protocols like SFTP, FTPS and more as well. That gives organizations more control over security while still supporting older systems.
How to FTP a file using a graphical FTP client
Start by opening your graphical FTP client and connecting to the server. Clients like FileZilla and Cyberduck can also use secure methods such as SFTP or FTPS. These secure options protect your username, password, and files by using encryption. They help keep your data private while it moves between systems. If the client gives you the choice, pick a secure method over basic FTP.
How to establish an FTP connection
To connect to an FTP server using a client, you will need to enter a few details. This information usually comes from the server administrator. If you want to protect your login and data, use SFTP or FTPS instead of plain FTP. These secure options add encryption to the connection. The first set of details you’ll typically need to provide are:
- IP address or hostname: This is the server’s location. It may be written as an IP address (for example, 10.0.0.161) or a hostname (like ftp.yourcompany.com).
- Port number: This is the port the server uses. Most FTP servers use port 21. SFTP uses port 22. FTPS can use either port 990 or 21 depending on the setup.
- Login credentials: This means your username and password. Some servers allow anonymous FTP, which does not need a password. Most organizations turn this off for security reasons.
Some setups also ask for extra details:
- Local directory: This is the folder on your computer that holds the files you upload. It is also where downloaded files are saved.
- Remote directory: This is the folder on the server where uploaded files are stored. It is also where files for download are found.
- Transfer mode: This tells the client what kind of file you are transferring. Use ASCII for plain text files. Use binary for images, programs or anything else. If you do not know which to choose, check the client’s help section.
Graphical clients usually show a form where you can type in this information. After you finish, click connect. Once the connection is active, you can move files by uploading or downloading them through the interface.
How to upload files
After you’ve successfully logged in, you should see two panels. One panel will show the file system on your local machine. Another panel will show you the file system on the remote server. In the sample screenshot below, the left panel represents the local file system, while the right panel represents the remote FTP server’s file system.
You can navigate into folders in the local file system and select files you want to upload. You can also navigate into the remote folder where you wish to store the uploaded files. Once you’ve selected the file(s) to upload, you may click the upload button. In the sample screenshot below, the upload button, which is only enabled once a local file is selected, is represented by a right arrow. Some FTP clients, like the one shown in the screenshot below, may display a graphical representation of the file transfer status.
Some FTP clients allow you to simply double-click the files you wish to upload, so you can try that action as well.
How to download files from FTP
The download process works much like the upload process. The main change is where you select the files. Instead of choosing from your local system, you must select files from the remote server. These files usually appear in a separate section of the FTP client’s user interface.
To download files, find the remote file you want. You can click the download button or double-click the filename. That action sends a command to the FTP server and starts the file transfer. Some clients let you highlight multiple files at once. After the download begins, a data connection is made between your system and the server.
Using the FTP command line: A quick overview for beginners
Some users still choose to work from the command line instead of using a graphical FTP client. It gives them more control and is often faster for small tasks. Most systems like Windows, Linux and macOS come with a basic FTP command tool already installed. Commands like GET or CURL are also available and can help automate file transfers. These are useful for quick jobs or when using remote servers without a user interface.
Using the FTP command line has some risks. Standard FTP sends data and passwords in plain text. That means anyone watching the network can read them. This can be a problem when working on public Wi-Fi or sending private files. SFTP uses SSH to add security. FTPS adds protection using SSL or TLS. These protocols are better for keeping file transfers safe.
Command for connecting to an FTP server
ftp [hostname or ip address]
for example:
ftp ftp.example.com
or
ftp 10.0.0.161
You’ll then be asked to submit your username and then your password. If the authentication process succeeds, you can then start issuing commands for uploading or downloading files.
Command to upload files
mput [filename1] [filename2] … [filenameN]
Note that each filename is separated by a space. So, for example,
mput file1.txt file2.txt file3.txt
Command to download files from FTP
mget [filename1] [filename2] … [filenameN]
Again, each filename is separated by a space. So, for example,
mget file1.txt file2.txt file3.txt
You can also use command-line tools to script and automate these tasks. This is helpful for scheduled transfers or repeated actions. Just be careful because automating insecure FTP sessions can expose your data and credentials if encryption is not used.
Why plain FTP lacks, and what you should use instead
The original FTP has been used for many years, but it does not include the security needed for modern networks. Files sent through FTP face many risks. Data moves without encryption, which allows attackers to intercept usernames, passwords and file contents. This makes data theft and man-in-the-middle (MITM) attacks easier. It also creates issues for organizations that must follow security standards. Compliance mandates such as HIPAA, PCI DSS and GDPR require encryption during file transfer. FTP cannot meet those standards on its own.
SFTP and FTPS are safer choices for file transfer. SFTP uses SSH to protect both commands and data. FTPS adds encryption with SSL or TLS. These methods prevent interception and offer stronger authentication. For larger organizations, JSCAPE MFT Server by Redwood is a solution that supports SFTP, FTPS, HTTPS and other secure file transfer methods. It includes automation, compliance tracking and role-based access. These features make it easier to secure files and lower the chance of mistakes.
Here’s a quick comparison of the three options:
| Feature | FTP | SFTP | JSCAPE MFT Server |
| Authentication security | Weak | Strong | Role-based, multi-layered |
| Automation | Basic scripts | Supported | Built-in scheduling tool |
| Centralized management | No | No | Yes |
| Compliance support | No | Limited support | Full support |
| Encryption | No | SSH | SSH, SSL/TLS, HTTPS and more |
Secure file transfers are important. Using the right protocol helps prevent data breaches and keeps your systems compliant with security mandates.
Try a secure, automation-ready file transfer solution
JSCAPE helps teams send and receive files in a secure way. It works with major protocols like SFTP, FTPS and HTTPS. Each transfer uses end-to-end encryption to protect your data. User accounts, keys and passwords can all be managed from one central place. This makes it easier for you to keep track of access and avoid mistakes. JSCAPE also helps to support compliance mandates like HIPAA and PCI DSS, so your organization can meet common compliance needs.
You can also use JSCAPE to automate file transfers. It lets you build workflows that run on a schedule or are triggered by certain events. This makes tasks faster and more consistent. You do not need to start every transfer by hand. Large jobs and repeated tasks become easier for your organization to manage. Try JSCAPE for free to see how it can help your file transfers stay secure and organized.
Downloads
The FTP client we used for this article is called AnyClient, a free, platform-independent client that supports a wide range of fast and secure file transfer protocols (e.g., FTPS, SFTP, WebDAV/S, AFTP and more) in addition to FTP. AnyClient runs on Windows, OS X, Linux and Solaris.
Download the always-free AnyClient. Download Now
Explore more how-to guides and expert tips to improve your file transfer security and workflow.
That Free FTP server might cost more than you think
Fixing SSH/SFTP client connection issues
Frequently Asked Questions
What is an FTP file transfer?
FTP stands for “file transfer protocol.” It is a standard method used to move files between computers over a network or the internet. The process involves two separate connections between systems: one for sending commands and another for transferring data. Common FTP commands include send, get, change directory and transfer. The protocol also supports three modes — block, stream and compressed — which determine how the data is sent. FTP is commonly used to transfer large files or multiple files between servers, websites or devices on the same network.
Organizations that don’t need to transfer sensitive data can use FTP for website updates, backups or data sharing across teams. It works with both command-line and graphical clients and allows users to upload or download data from an FTP server. However, modern security standards have made FTP less common. The data it sends can be read by anyone intercepting the connection. Because of this, organizations are shifting to secure options such as SFTP or FTPS, which protect data with encryption and better authentication controls.
See how you can forward files from FTP to SFTP server with JSCAPE
Why is an FTP file transfer insecure?
FTP was designed decades ago when most networks were small and trusted. Security threats were not as serious or widespread as they are now. The protocol was designed for open communication between systems, rather than for privacy or data protection. When someone connects to an FTP server, both the username and password are sent as plain text. The same applies to the files being transferred. This means that anyone monitoring the connection can capture and read the data.
Without encryption, FTP leaves users exposed to several kinds of cybersecurity risks, such as password sniffing, data spoofing and man-in-the-middle attacks. These threats can lead to data theft or unauthorized access. Organizations that must adhere to compliance mandates, like HIPAA, PCI DSS or GDPR, cannot rely on FTP because it fails to protect sensitive information. Secure alternatives such as SFTP and FTPS now provide the same transfer functions but use encryption to keep the data private.
Learn how to protect your FTP from threats
What’s the difference between FTP and SFTP?
File transfer protocol (FTP) is one of the oldest methods used to move files between systems. FTP uses ports 20 and 21 and does not protect the data it sends. That means your login credentials and files are exposed during transfer. Anyone watching the connection can read the information. This makes FTP risky for private or business use. It also fails to meet most compliance mandates, including HIPAA and PCI DSS.
Secure file transfer protocol (SFTP) runs over a secure shell (SSH) connection. This means all data, including your passwords and file contents, is encrypted during the session. SFTP uses port 22 and is better suited for safe file transfers. It also allows stronger authentication and is more commonly used in secure systems. Organizations typically choose SFTP to replace older FTP setups. Comprehensive MFT solutions like JSCAPE by Redwood support both FTP and SFTP but always recommend using secure protocols when possible.
Can I automate file transfers securely?
Yes, you can automate file transfers securely. Some command-line tools like wget, curl or built-in FTP clients support basic scripting. These tools are available on most operating systems, including Linux, Windows and macOS. While scripts can save time, they are risky if used with plain FTP. That is because FTP sends data in clear text. Passwords and files can be intercepted. Security gets worse when scripts are set to run on public networks or without restrictions.
A safer option is to use an MFT platform like JSCAPE by Redwood. It supports secure protocols such as SFTP, FTPS and HTTPS. JSCAPE also includes built-in automation tools. These let you schedule transfers, trigger workflows based on events and control user access, all from a centralized user interface. It helps reduce manual work while protecting sensitive data. It also supports compliance tracking and role-based controls. JSCAPE keeps automation smooth without sacrificing your organization’s security.
Discover how to set up automated file transfers for your organization
