Security is always something you want to get a headstart on: the harder your site is to crack, the less likely people are to waste their time trying, when there’s thousands of other websites they can prey on.
One tactic I use on my sites is to connect to my server using SFTP, which is a much more secure method than FTP or FTPS, as it employs SSH: a key-driven encryption method, and all of your data is transmitted securely (FTP is actually pretty insecure, and you should avoid it if at all possible).
I even go so far as to close port 21 (FTP port) on my servers so that FTP isn’t even an option.
Anyway, know that you know why you should use SFTP, here’s how to actually do it:
Get your SSH keys
First of all, you need to create an SSH key pair. Log into cPanel and head for the SSH/Shell Access section. Then click on the Manage SSH Keys button. Unless you’ve done this before, there should be no keys on your server. So you can go ahead and click on Generate a New Key.
The key name can be anything you wish – it’s just for reference really. Then, enter a strong and random password (after all, why bother connecting with SFTP if you’re going to use a password like abc123) and write it down if you can’t remember it. As for the Key Type, I prefer RSA, and I make my Key Size 4096 (most secure).
Then click on Generate Key and cPanel will take a few seconds to generate your key pair. When you go back to the Manage SSH Keys section, you should see your key pair (one public and one private).
The next thing you want to do is authorize the keys for use: just because they exist, doesn’t automatically mean they can be used. So click on Manage Authorization and click on the Authorize button.
Lastly, you want to download your private key, in a special format, called ppk format. So, click on View/Download on the private key and enter your key password from when you created the pair, and convert the key into ppk format. The next page will then offer you the ability to download the .ppk file.
Using the key to connect using SFTP
Now, using an SFTP-enabled client, like WinSCP (Windows), FileZilla (Windows/Mac), or Transmit (Mac), create a new connection. Enter your server address and your cPanel username. You can leave the password field blank. Make sure that the connection type is SFTP, and you should be prompted for a key. This is the .ppk file you downloaded earlier. Load that up and click on connect.
You’ll have to enter the password for your key (not cPanel, unless you set them to be the same), and you should now see your files come up, as if you had connected by FTP, except that you’re now much more secure.