WP Engine Products

WordPress Hosting

Boost performance while managing less

WooCommerce Hosting

Build faster and sell more with WooCommerce

Headless WordPress

Build, deploy, and manage headless sites

View More Products

Solutions

Small Businesses

Enterprises

Agencies

eCommerce

View More Solutions

Website Tools

Smart Plugin Manager

Website Tester

Website Monitoring

WordPress Themes and Tools

Local WordPress Development

Featured Plugins

Advanced Custom Fields

Build rich, custom content editing experiences

WP Migrate

Migrate WordPress sites with confidence

WP Offload Media

Offload media assets & serve them lightning fast

WP Offload SES

Improve email send reliability with Amazon SES

View More Recommended Plugins

WordPress Resources

WP Engine Resources

Articles and videos for help with WordPress

WP Engine Help Docs

Guides for site setup & troubleshooting

Free Website Migration

Automated migration plugin & support

Find a WordPress Agency

Need help? Search our agency directory

Stay Connected

WP Engine Blog

Builder Community

Headless Developer Community

Torque Magazine

Velocitize Magazine

Thought Leadership

Velocitize Talks

Erik Posthuma of Aleph-labs on Web3, Cryptocurrency, & More

Podcast

Press This, the WordPress Community Podcast

Study

The World’s First Study of the WordPress Economy

Why WP Engine?

Our Platform Technology

Managed WordPress Hosting

Fast WordPress

Secure WordPress

24/7 WordPress Support

About Us

WP Engine Reviews

How You Win with WP Engine

Build faster, protect your brand, and grow your business with the #1 WordPress platform to power remarkable online experiences.

Learn More

Customer Spotlight

Peak Performance With Headless WordPress

Android Authority increases speed 6x by adopting a headless architecture with a WordPress back-end.

All Case Studies

Contact sales

Call Us

+1-512-273-3906 to talk to a sales expert

Request a Quote

Submit a request for a personalized plan recommendation

Let’s Chat

Customer Support

Support Articles

Billing Help

Password Help

Log In for Support
Easiest Migration Ever!

Need Help Choosing a Plan?

We offer solutions for businesses of all sizes. For questions about our plans and products, contact our team of experts. Get in touch

Support Center
Setup A Site
Account & Features
Platform Information
WordPress Help
Troubleshoot
Browse All

SFTP Usage and Access

Last updated on March 26th, 2024

migrationsftpWPCore

When hosting your WordPress site on WP Engine, you may need to connect directly to your website’s filesystem to directly edit documents, upload/download content, delete files, or manage directories/folders. On other platforms you may be used to using FTP or cPanel to access files. At WP Engine we use SFTP which works the same for managing the file system, except it uses a layer of encryption for security and is restricted to a secured port.

Additionally, SFTP is not impacted by WordPress upload limits, so large media or content in bulk can be easily uploaded.

Most commonly you’ll need SFTP access when migrating your site, performing a partial restore, or while editing/accessing a specific file (such as the wp-config.php file).

NOTE

Prefer a command line interface to manage files and directories? Check out SSH Gateway instead.

Contents hide
1 SFTP Clients
2 Locate SFTP Credentials
3 Add SFTP User
3.1 Delete SFTP User
4 Connect to SFTP
5 SFTP Tips
6 Common Issues
7 Update SFTP Host Keys
7.1 Update Host Key
7.2 Delete All Host Keys
7.3 Update known_hosts File
8 Limitations

SFTP Clients

Before you can connect to your site’s file system, you’ll need access to a compatible client. While we don’t restrict the programs you can use, but a program may not be compatible. We recommend one of the following clients:

While you are free to use the SFTP client of your choice, your SFTP client will need to use one of the following supported ciphers:

  • aes192-ctr
  • aes256-ctr

We do not support the SFTP ciphers: SHA1, aes128-ctr, CBC, RC4, 3DES, MD5, and RIPEMD for security reasons. If your SFTP client uses one of these ciphers, it will not work properly with our platform and instead we recommend using one of the clients listed above.

NOTE

Before connecting, always ensure your client is updated, as this is a common cause of connection issues.

Locate SFTP Credentials

SFTP users can be managed from the Users and SFTP page of an environment.

  1. From the Sites page, select the environment name
  2. Open Users and SFTP
  3. Select the SFTP tab

Here you will find any existing SFTP users, as well as the SFTP address (hostname) and port number for connecting to SFTP. Additionally you can view and manage existing SFTP user credentials.

Add SFTP User

Along with an SFTP client you will need SFTP credentials. These are not your wp-admin or User Portal credentials. Each set of SFTP credentials will only work for one environment.

  1. From the Sites page, select the environment name
  2. Open Users and SFTP
  3. Select the SFTP tab
  1. Click Create SFTP user
  1. Fill out the following required fields:
    • Username — Your environment name will be appended automatically:
      • EX: environmentname-username
  2. Click Add SFTP User
  3. Password — You can securely generate a random password by clicking the lock icon, or set a password with the following requirements:
    • At least 8 characters
    • Uppercase and lowercase letters
    • Include numbers and special characters
    • Once the password has been set it cannot be viewed again. If you lose the password, you will have to set a new one. Be sure to copy or write the password down before saving.
  4. Path (Optional) — Specify a directory when connecting with SFTP (defaults to root).
    • Must be a relative path, starting with a forward slash.
    • Do not include HTTP/HTTPS, or your domain.
    • Any subdirectory within path defined can also be accessed.
      • Example 1: To restrict a theme developer to all theme directories, enter /wp-content/themes/
      • Example 2: To restrict a vendor to media uploads from April 2019, enter /wp-content/uploads/2019/04/

SFTP usernames cannot be modified after creation, however the user can be deleted and a new user created with the desired name.

Delete SFTP User

To delete an SFTP user:

  1. From the Sites page, select the environment name
  2. Click Users and SFTP
  3. Select the SFTP users tab
  4. Locate the user, then click Delete to the right

Connect to SFTP

After adding an SFTP user, take note of the SFTP Address and Port Number in your User Portal. The SFTP address is different for every environment.

In this example we’ll be using FileZilla, but the fields should be similar in any client. Fill out the following fields then hit Connect.

Host  — SFTP Address

  • Your environment name plus sftp.wpengine.com
  • EX: mysite.sftp.wpengine.com

NOTE

When using Quick Connect in FileZilla you will need to specify sftp protocol by also adding sftp:// before the hostname. (Shown in example image below.) EX: sftp://environment.sftp.wpengine.com

Username  — Username set in the User Portal. Your unique environment name is appended and hyphenated automatically.

  • Ex: environment-someuser

Password — Password exactly as set previously in the User Portal.

  • Pay attention to capital letters, spaces, symbols, etc.
  • If you forgot the password it cannot be viewed again after saving. You must edit the SFTP user to set a new password.

Port — Always set to 2222

  • No other port numbers will work here.

NOTE

You may see a pop-up referring to SSH host keys if you’ve never connected before. Accept any warnings to continue.

SFTP Tips

  • Make a backup before editing any site content.
  • Once you are connected to your site, you will see a directory listing of your computer’s contents on the left. Your remote website directory is on the right.
  • Double-click a directory name to expand and view the contents.
  • Drag and drop files between locations or directories.
  • If you are replacing a file be sure to accept any prompts to overwrite the existing file or you will not see your changes.
  • Reset file permissions and purge server caches from the WP Engine plugin after making changes.
  • Location quick reference:
    • Theme files: wp-content/themes/
    • Plugin files: wp-content/plugins/
    • Uploads: wp-content/uploads/
      • Often divided further by year, then month: wp-content/uploads/2019/04
  • Your SFTP host name and user name will both include the environment name at the beginning. This should make verifying that you’re connecting correctly a little easier.

Common Issues

Error: Cannot establish FTP connection to an SFTP server. Please select proper protocol.

  • Ensure you have set your client to connect using SFTP protocol.
  • This may be a dropdown to select SFTP, or you may have to preface your hostname field with sftp://
    • EX: sftp://mysite.wpengine.com
  • Ensure you are using the correct port. Only port 2222 is supported.

Error: Authentication failed.

  • The user name or password is wrong.
  • Change your password or try adding a completely new user.

I’m being prompted to update my SSH host keys. I hit “accept”, but still can’t connect.

  • During security updates our server host keys can change. You may need to delete your existing SSH host keys first before new ones can be properly accepted by your SFTP client.

Still unable to connect with SFTP?

  • Restart your FTP client completely
  • Try connecting with a different client
  • Ensure your client is up to date
  • Verify the path you’re connecting to exists as a directory on your website, or reset the path to default completely
  • Create a different SFTP user
  • Try to connect to any other environments on your account with SFTP
  • Contact our Support team

I connected without an error, but my remote directory and file listing is blank.

  • Check the path your user is configured for. Does it exist? Is it spelled right?
  • We recommend resetting this to default (blank) and trying again.

I’m not seeing changes on my site after uploading a file.

  1. Reset file permissions
  2. Purge server caches
  3. Purge local caches

Still not seeing your changes?

  1. If you modified a theme/plugin file, ensure you have the correct theme/plugin name activated
  2. Add a comment to the top of your file and upload it again
  3. Try opening your file in the browser directly- Do you see your comment or code changes?
    1. EX: http://mydomain.com/wp-content/uploads/test.txt
  4. Try uploading a test TXT file to the same directory, then see if you can load that file in your browser directly. Can you view this test file?

If you can see changes in the files when viewed directly but not on the website, it is most likely a caching issue.

  • Try purging local and server caches again
  • You may even need to restart your computer
  • Test again on a mobile device, disconnected from WiFi

If you can’t see any changes when directly viewing files you’ve added, it’s most likely an SFTP connection issue.

  • Check the host name, username, password and port.
  • Verify you’re uploading to the correct directory
  • Confirm the file name spelling and capitalization

Update SFTP Host Keys

If when using your SFTP client on WP Engine, you receive a warning that your “host keys do not match” or “host key changed”, you will need to update host keys stored on your local machine. There are three options to update your host keys.

Update Host Key

Option one in this scenario is to manually update your host key. This method generates the new host key and connects you to your host: environment.sftp.wpengine.com. This is the easiest, recommended method. Please keep in mind these steps need to be taken on the local computer where you are experiencing this issue.

Run the following command in a local Mac/Linux Terminal window, where environment is the name of your WP Engine environment:

  1. cd ~/.ssh
  2. ssh-keygen -R environment.sftp.wpengine.com:2222

Delete All Host Keys

Option two in this scenario is to delete the host key entry for your host: environment.sftp.wpengine.com

Mac/Linux

To delete your local host key, you just need to remove your known_hosts file. Open terminal and run the following commands:

  1. cd ~/.ssh
  2. rm known_hosts

Windows

To update your local host key on a Windows machine, open up PuTTY and perform the following steps:

  1. Open up regedit.exe by doing a search
  2. Navigate to HKEY_CURRENT_USERSoftwareSimonTathamPuTTYSshHostKeys
  3. Delete all keys listed

Update known_hosts File

Similar to removing removing all known hosts in Option two, this option removes just one known host.

The warning message your SFTP client shows will usually list the line in known_hosts that is triggering this message, so be sure to make a note of this.

Mac/Linux

On Mac/Linux you can simply edit the file using vi, which is a text editor. Run the following commands. Be sure to update 100 to the line number your error message displays.

  1. cd ~/.ssh
  2. vi known_hosts +100

Once the file opens to this line:

  1. Type the key d twice to remove the line
  2. Type :x to save.

Windows

On a Windows machine using PuTTY, go to the Registry folder just like in step two. In that directory, a list of hostnames appears. Right click on the environment.sftp.wpengine.com one, and then select Delete.

Limitations

We do not support the SFTP ciphers SHA1, aes128-ctr, CBC, RC4, 3DES, MD5, and RIPEMD for security reasons. If your SFTP client uses one of these ciphers, it may not work properly with our platform. We suggest reaching out to your SFTP software maker to get instructions on how to disable these.

WP Engine does not support FXP (File eXchange Protocol) due to its dependency upon FTP (File Transfer Protocol), which is an insecure method of transferring files. WP Engine only supports SFTP (Secure File Transfer Protocol) due to its improved security features.

NEXT STEP: Troubleshooting with the WP Engine error logs

Still need help? Contact support!

We offer support 24 hours a day, 7 days a week, 365 days a year. Log in to your account to get expert one-on-one help.

Log in for one-on-one help

The best in WordPress hosting.

See why more customers prefer WP Engine over the competition.

See Our Products

See Our Plans