We often recommend that website owners do not share the root or default FTP account access information with ANY third party. That is for their security. We do, however, recommend that if you need to give FTP access to your site to someone, you create a new FTP account.
Add New FTP Account
Creating a new FTP account varies depending on what sort of web host admin panel you’re working with. Let’s stick to cPanel, as that’s one of the most popular.
To create a new FTP account in cPanel:
- Log into cPanel (you might try yourwebsite.com/cpanel to see if that redirects you)
- In the Files section, click FTP Accounts
- In the Login field, type the name of the FTP user you want to create. On shared hosts, this FTP user name will be formatted as firstname.lastname@example.org.
- In the Password fields, enter a strong password. We recommend using something like StrongPasswordGenerator.
- You can set a quota for the account, but it’s best to leave this as unlimited or unset.
- In the Directory field, cPanel will auto-populate an assumed directory based on the FTP username, but that is normally silly. So, we recommend setting that to the root (as in “/”) or /public_html/.
- Click Add FTP User
Sharing FTP Account Information
FTP access is one of those things you want to be vary careful sharing. A fairly low-tech but secure way to do it is to email the domain name and full username for the FTP account and then texting just the password. In this way, you can keep the password and the username seperate.
There are other ways, of course, but that’s the “easy way.”
Disabling an FTP Account
Once the third-party has done whatever you asked them to do, it’s not a bad idea to then disable or delete the FTP account you setup for them. If you think you’ll work with them again soon, the easiest thing to do is to click on FTP Accounts again from your cPanel, select their FTP Account and change the password–not telling them what the new password is.
That way, you can simply text them the new password when you want them to make a change for you again. In the meantime, they no longer have FTP access to your website.
If you delete an FTP user, you can’t resurrect the account as easily. Since many shared web hosting providers allow for an almost unlimited (or obscene number) of FTP accounts, we generally recommend just changing the password for these 3rd-party FTP access accounts.