Setting Up a New FTP Account
Setting up a new FTP account is routine when multiple people are working on one websites. For example, when I install a website for a client, I’ll almost always need FTP access to the client’s files.
Whether you have a webmaster, or people (like me) are adding files temporarily, you’ll set up a separate FTP account for each person.
Then, when that person is no longer working on the website, you can delete that FTP account. This is important for security: Always give other people their own FTP accounts. Never share your own, main FTP account information.
More than you need to know: Some servers allow you to set up FTP access to just one directory (folder) at the website. This is an added security measure, if the extra person doesn’t need FTP access to the full website.
These screenshots are for sites with cPanel access. (In each screenshot, I’ve concealed my own file info.)
Most of my clients use Hostgator hosting — as I do — but as long as your hosting service provides you with cPanel (control panel) access, your admin screen should look similar.
Tip: If you’re not using Hostgator or another reliable hosting service that gives you cPanel, I recommend changing to Hostgator. It’s reliable, inexpensive, their support is amazingly good, and you’ll save hours (and headaches) in ease-of-use.
Here are the steps to setting up a new FTP account:
1. Log into your cPanel.
(At Hostgator, that’s usually at http://www.yourdomainname.com/cpanel Obviously, you’ll replace www.yourdomainname.com with your actual domain name. If you have other questions about Hostgator cPanel login, click here for their support page.)
2. On the main dashboard, click on FTP Accounts.
3. Once you’re there, your screen will look like this.
4. Enter the username (login) you’d like to use. (In the screenshot below, I used the username of “anyloginname” so the full FTP login would be firstname.lastname@example.org.)
5. Enter a good, strong password. (I usually use the password generator. Click the button and be sure to copy-and-paste the password to a text file — in Notepad or something similar — and save it before you go any further.)
6. Make sure the FTP directory is correct. Some systems — including Hostgator — have a default of /home/public_html/username
At least 90% of the time, that’s the wrong directory if someone is working on your website.
Here’s what the screen looks like before you correct that.
As the instructions show in that screenshot, you should delete everything starting with the final forward slash (/).
When you do that, your cPanel software usually suggests the basic directory. Here’s that screenshot.
Accept their suggestion, if it’s made. Otherwise, leave just public_html in that part of the form, manually. Either will produce the same results.
7. Now, be sure to save all of the following information. (If you’d like to use the text form I use for all my site information, click here to download it.)
- The FTP address. This usually looks like: ftp.yourdomainname.com
- The FTP username. In my example above, I used anyloginname. Obviously, you’ll want something unique. (When logging into FTP with that, my full username would be email@example.com.)
- The FTP password. That’s the password you saved in the text file (like in Notepad) when you were setting up the FTP account.
I keep a separate text file for each of my domains, and — in that text file — I have a list of all the FTP accounts with each username/password combination. That way, I have all the access information in one location.
Tip: In that text (Notepad) file, I also save my database info, my WordPress username & password info, and my cPanel login info. For convenience, I include my various API-type information, too: WordPress, Amazon, and so on.
I print it out and save a copy in a three-ring binder in my home office, so I always have this important information, even if my hard drive crashes.
8. Double-check the FTP access before sharing it with your webmaster or other site contributor.
9. As soon as that webmaster or other site contributor doesn’t need FTP access, delete that FTP account immediately.
The next screenshots show how to do that. First, click on Delete for that account.
Then, just delete the account, not the files.
Tip: Don’t just change the password; if a disgruntled former webmaster wants to create problems, he already has the username and only has to hack the new password.
And, of course, always have a backup copy of your website. I like to use WP-Twin for that, but other methods (including the free option: WP Export + WP database backup) can be adequate.
10. If you forget the password, change it. That’s the simplest solution.
First, in cPanel’s FTP screen, scroll down to the list of your FTP accounts. Then, click on “Change Password.”
Create a new password and save a copy in a text (or other) file. Then, click to save that password in your cPanel FTP dashboard.
The steps are shown, here:
Here’s what you should remember:
1. Always have backups of everything before you make any major changes in a website… including allowing someone access to that site’s files.
2. As long as you have a backup copy of your website, even if you totally break the website, you’re okay. You can always delete all the original files and database, and reinstall from scratch.
Tip: I back up my sites with WP Twin, which means — even with a total server crash — I’m never more than 25 minutes away from having my full website online as if nothing had happened. And, that includes my sites with over 500 articles and 1000 images. No tweaking necessary.
WP Twin is not inexpensive. However, as I’m writing this, it’s the only product of its kind. I’ve used it for years, and it’s been 100% reliable.
FTP accounts are a basic tool in website management. Though this can seem confusing at first, it’ll quickly become routine for you.
If you have any questions or comments, let me know.