FTP, SFTP and FTPS protocols, and their differences

by SW Team

FTP, SFTP and FTPS represent the main protocols used for file transfer, and while their acronyms are similar, they have significant differences in terms of security and the way data is handled. It is crucial to understand these distinctions in order to determine which one best suits our particular needs in each situation.

It is essential to take these discrepancies into account and to understand the particularities of each protocol in order to make an informed decision on which one to use. The choice will largely depend on the purpose for which it will be used, although it is always recommended to opt for a protocol that offers an additional layer of encryption. In this sense, FTPS or SFTP are more secure options.

One highly recommended free client is FileZilla, which supports the FTP, SFTP and FTPS (FTP over SSL/TLS) protocols and is lightweight and easy to configure.

Are you looking for a provider to host your website or start a project? With the hosting that we offer at SWHosting you will have a good starting point that suits your needs.


FTP

The term FTP, which stands for "File Transfer Protocol", refers to a protocol created in the 1970s for transferring files between systems connected to a TCP network.

Data exchange

By default, FTP uses port 21 to validate client connections and execute commands between an FTP client and a server. User authentication is performed using the USER and PASS commands, and the channel remains active until the QUIT command is issued, which disconnects the client from the server.

Data exchange, in the form of directory and file listings, takes place over the data channel, using temporary ports listening on the server or on the client. In addition, other commands such as LIST, STOR and RETR are used to fetch directory listings from the server, upload files and download them, closing the data channel once the transfer is complete.

Security

In terms of security, FTP lacks a security layer, which differentiates it from SFTP and FTPS. Data is transferred as plain text, without encryption, which facilitates the interception of files and authentication data. However, this lack of encryption allows for faster data transmission compared to the other protocols.

Firewall

Server: Incoming connections must be allowed on port 21, and passive port ranges can be defined for directory listing and file transfer.

Client: Outgoing connections to port 21 and the passive port range determined by the server must be allowed.
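
An added example (not from the original article): a Python check that reads the passive-mode replies logged by a client and reports any data port that falls outside the range opened on the firewall. The range 50000-50100 and the address 203.0.113.10 are assumed values, and the example goes beyond the text by also handling the extended 229 reply and by flagging a data address that differs from the control address.

```python
import re

# Assumed values for this example: the passive range configured on the server
# and opened on the firewall, and the address the client connected to.
PASSIVE_RANGE = (50000, 50100)
CONTROL_PEER = "203.0.113.10"

_PASV = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
_EPSV = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

def data_endpoint(reply):
    """Return (host, port) announced by a 227 or 229 reply (host is None for 229)."""
    m = _PASV.match(reply)
    if m:
        n = [int(x) for x in m.groups()]
        if max(n) > 255:
            raise ValueError("field out of range: %r" % reply)
        # 227 carries four address octets, then the port as high byte, low byte.
        return ".".join(map(str, n[:4])), n[4] * 256 + n[5]
    m = _EPSV.match(reply)
    if m:
        return None, int(m.group(2))
    raise ValueError("not a passive-mode reply: %r" % reply)

def check_reply(reply, control_peer=CONTROL_PEER, passive_range=PASSIVE_RANGE):
    """List what would stop the data connection from passing the firewall."""
    host, port = data_endpoint(reply)
    lo, hi = passive_range
    problems = []
    if not lo <= port <= hi:
        problems.append("port %d is outside the allowed range %d-%d" % (port, lo, hi))
    if host is not None and host != control_peer:
        problems.append("data address %s differs from control address %s"
                        % (host, control_peer))
    return problems

# Constructed server replies, not captured traffic.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (203,0,113,10,195,100)",  # port 50020, allowed
    "227 Entering Passive Mode (10,0,0,5,195,100)",      # internal address leaked
    "229 Entering Extended Passive Mode (|||40000|)",    # port outside the range
]

if __name__ == "__main__":
    for reply in SAMPLE_REPLIES:
        print(reply, "->", check_reply(reply) or "ok")
```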


FTPS

FTPS, which stands for "FTP over SSL", is an extension of the FTP protocol that adds a layer of security through SSL (Secure Sockets Layer), also compatible with the TLS (Transport Layer Security) protocol.

Data exchange

In terms of data exchange, FTPS maintains the same structure as standard FTP.

Security

In terms of security, FTPS uses two channels: one for control and one for transfer, with two variants:

Implicit FTP over SSL: Encrypted connection is the default, using port 990 for the control channel and port 998 for data. This frees up port 21 for standard FTP use.

Explicit FTP over SSL or FTPES: client and server negotiate the level of protection. This allows both standard FTP connections over port 21 and encrypted connections with SSL.

In the case of FTPES, the client initiates an unencrypted connection to the FTP server. Before sending the user credentials, the client requests the server to switch to the SSL encrypted command channel with AUTH TLS or AUTH SSL. If all is OK, the client sends the user credentials.
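
The ordering described above can be checked from a client or server log of the control channel. The following Python is an added example, not code from the original article; the sessions are constructed, and the PROT P check for the data channel goes beyond the text and assumes a session that started unencrypted on port 21.

```python
DATA_VERBS = {"LIST", "STOR", "RETR"}  # transfer commands named in the article

def audit_control_channel(transcript):
    """transcript: list of (side, line); side is 'C' (client) or 'S' (server).
    Returns findings in the order they occur."""
    findings = []
    tls = False      # control channel encrypted: AUTH answered with 234
    prot_p = False   # data channel encrypted: PROT P answered with 200
    pending = None   # (verb, argument) of the client command awaiting a reply
    for side, line in transcript:
        line = line.strip()
        parts = line.split(None, 1)
        if not parts:
            continue
        if side == "C":
            verb = parts[0].upper()
            arg = parts[1].strip().upper() if len(parts) > 1 else ""
            pending = (verb, arg)
            if verb in ("USER", "PASS") and not tls:
                findings.append(verb + " sent before TLS was negotiated")
            elif verb in DATA_VERBS and not prot_p:
                findings.append(verb + " uses an unprotected data channel")
        elif pending is not None:
            if line[3:4] == "-":   # continuation line of a multi-line reply
                continue
            code, (verb, arg) = line[:3], pending
            if verb == "AUTH" and code == "234":
                tls = True
            elif verb == "PROT" and code == "200":
                prot_p = tls and arg == "P"
            pending = None
    return findings

# Constructed sessions (not captured traffic).
PLAIN_FTP = [("S", "220 ready"), ("C", "USER alice"), ("S", "331 need password"),
             ("C", "PASS example-password"), ("S", "230 logged in"),
             ("C", "RETR report.csv"), ("S", "150 opening"), ("S", "226 done"),
             ("C", "QUIT"), ("S", "221 bye")]
FTPES_OK = [("S", "220 ready"), ("C", "AUTH TLS"), ("S", "234 proceed"),
            ("C", "USER alice"), ("S", "331 need password"),
            ("C", "PASS example-password"), ("S", "230 logged in"),
            ("C", "PBSZ 0"), ("S", "200 ok"), ("C", "PROT P"), ("S", "200 ok"),
            ("C", "LIST"), ("S", "150 opening"), ("S", "226 done")]
# The server refuses AUTH and the client carries on in cleartext anyway.
FTPES_REFUSED = [("S", "220 ready"), ("C", "AUTH TLS"), ("S", "502 not implemented"),
                 ("C", "USER alice"), ("S", "331 need password"),
                 ("C", "PASS example-password"), ("S", "230 logged in")]
```

The third session is the case to alert on: a client that keeps going after a refused AUTH exposes its credentials exactly as plain FTP does.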

It is important to note that the use of multiple channels can cause problems with certain firewall configurations, so it is necessary to review the settings to ensure correct operation.

Firewall

Server: Incoming connections must be allowed on port 21 and/or port 990. In addition, passive port ranges can be defined for listing and file transfer.

Client: Outgoing connections to port 21 and the passive port range set by the server must be allowed.

SFTP

SFTP, an acronym for "SSH File Transfer Protocol", is a protocol developed independently of FTP, although its functionality is similar. Unlike FTP, SFTP runs over port 22 and encrypts both data transfer and control, just like the SSH protocol on which it is based.

Data exchange

A notable feature of SFTP is that it does not use separate connections for commands and data; they are transmitted together over a single connection in a special format.

Security

In terms of security, SFTP encrypts the data exchanged between client and server using an established encryption method. In addition, it offers the option of public key authentication, which adds an additional layer of security by using public and private keys for SFTP sessions.

Firewall

Server: Incoming connections to port 22 must be allowed.

Client: Outgoing connections to the same port 22 must be allowed.

Do you need a server on which to host your data? We recommend our servers with integrated SWPanel, where you can make use of the many tools we offer, including a file manager integrated into your services.
