<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=348068&amp;fmt=gif">
Couchdrop
Book a demo
Platform
Integrations
Resources
Pricing Security Support Company

What is FTP and how does it work?

Posted on Oct 12, 2025 • Updated on Oct 13, 2025

FTP is an acronym that has been around the internet since the early days. Standing for File Transfer Protocol, FTP is a method for moving files between systems. We'll explain what that means in more detail, the difference between FTP and other protocols, and basic requirements for setting up a connection using FTP. 

What is a transfer protocol? 

When networks and computing were still in their infancy, there was a major problem that needed to be solved: if there is a file on a specific machine, how can you get that file to a machine that is elsewhere? Transfer protocols were created to make sure that there was an agreed-upon set of parameters to make this transfer possible. 

A transfer protocol is a set of rules and requirements for transmitting files between systems. The protocol specifies what is needed to initiate and maintain a connection, as well as how the files will be transferred. 

There are several different transfer protocols, each with a slightly different use case. Probably the most commonly used today is Secure File Transfer Protocol or SFTP. This is because one of the requirements is encrypting the connection, something that isn't required in FTP, and one reason why FTP isn't as popular as it once was. 

But even though it's not as widespread as it used to be (and considered obsolete), FTP is still used by millions of machines because it was once the best option for transferring files between remote systems, so it's still useful to understand what it is and what it's used for. 

 

A basic explanation of what FTP is

FTP was developed over 50 years ago as a way to transfer files between a local machine and a remote machine. Before FTP, there wasn't a simple way to move files between devices that couldn't physically connect. FTP changed this, and was revolutionary at the time, because files could be transferred across vast distances with ease. 

So how does FTP work exactly? 

There are two devices involved in an FTP connection. The user's computer is often referred to as the local host, while the second device is usually the remote host. Both devices need to be connected to a network (which can include the internet) and have the right configuration/software to use the FTP protocol. 

Typically, the remote host will be an FTP server, a machine that enables file transfer, remote file access, and file management over a network, often with its own storage. In many cases, multiple local hosts will want to access the same remote host (the server), which can be used as a centralized repository for multiple users to exchange files no matter where they physically reside. For more details on this, see the FTP Client FTP Server relationship

When creating users, the FTP server admin will specify permissions and can set a folder as the user's root. This ensures the user has the right access levels and can only access the appropriate files and perform specific actions. For instance, users could be given permission to upload, download, move, rename, or delete files. But they could also be restricted to one action like download only, which is common when distributing files to many different people to make sure everyone is working with the same content. 

FTP Port - what is it and why does it matter? 

Behind the scenes, devices connect using ports, which are endpoints for transmitting communications and data. Every computer has thousands of ports that serve different purposes. For the purposes here, we can say that the ports are used for transmitting some form of information, whether that's commands, file data, or something else. 

Typically, FTP ports are a set of two ports: Port 21 for sending commands like logging in and listing files & folders, and Port 22 for data transmissions, the actual uploads and downloads of files. Both ports need to be open and connected throughout the entire process in order for the files to be transmitted. 

Because these ports are standard, it can open up some risks for traffic to be intercepted, so often some precautions are put in place for FTP transfers, or the ports used can be switched.  

How to connect FTP 

Connecting via FTP requires having a few key components to establish a connection. 

  • Hostname
  • Username
  • Password
  • Port number (If not default ports) 

The hostname specifies the address of the remote device you want to connect to. You need this to establish a connection, and the credentials are used to ensure that you are connecting to the right place and that you have authorization to connect. 

The username is the unique user identity for the remote host. In the case of FTP servers, each username must be unique. A simple way to ensure uniqueness and make it easy for the user to remember is by using their email address. However, this format isn't supported by all FTP clients, especially dated ones that haven't been updated recently. 

Password is self-explanatory and is connected to a specific username. Generally, you'll want the user to set this password themselves. Sometimes, a one-time password is generated to go with the username to establish the first connection, and then the user will have the opportunity to change the password at first login.

Choosing the port number is optional and depends on the specifics of the particular FTP server. As mentioned above, FTP uses a default port for data and sending commands, and most FTP clients will include these port numbers when making the connection. Only change this if you know the port number has been changed and you've been given the new ports. 

 

FTP vs SFTP and other protocols

FTP is a convenient way to transfer files, and at one time, it was the best available option. However, the protocol has remained basically stagnant over the last two decades as new protocols like SFTP and S3 became more widespread. 

SFTP stands for Secure File Transfer Protocol, which at first glance sounds like a direct upgrade to FTP (File Transfer Protocol). But while the two protocols are both used for a similar purpose and have a similar name, they are actually two entirely separate protocols. This means that SFTP has a different set of requirements to establish a connection, and once it does so, the way machines communicate and transfer files is different. 

While these differences are quite vast, it comes down to SFTP being generally used as the replacement for FTP for modern usage because of the improved security and performance. We go into more detail about the differences in our article on FTP vs. SFTP vs SCP vs Rsync.

Other file transfer protocols such as AS2, OFTP, and PeSIT, have also been developed since the advent of FTP and are used for more specific use cases. The main disadvantage that FTP has over these other protocols is that it is comparatively insecure. 

 

Why is FTP insecure? 

The reason FTP is considered an insecure method of transmitting files is because of the lack of encryption. This means that it is vulnerable to common snooping techniques and that the contents of the files are also exposed and readable. Even the username and passwords are sent as plain text instead of being hashed to protect the data, meaning anyone snooping on the connection could easily gain access as a legitimate user. 

While this sounds catastrophic—especially with millions of machines still relying on the protocol—there are methods to help make FTP more secure. One is by adding security by using FTP over SSH or FTPS. Another is by using FTP as a Service (FTPaaS) that can add security and "translate" FTP to other protocols while limiting exposure. 

These weaknesses have led many experts to claim that FTP is obsolete for modern file transfers, and they recommend using a more secure transfer protocol when possible. 

 

Is FTP still relevant? 

Since FTP is an insecure way to transfer files (and experts advise against it), is it still relevant? Yes, at least, for now.  

The issue is that there are millions of machines that can only transfer files by using FTP, and many pieces of software that can only do the same. While modern best practices recommend using more secure protocols, the fact is that many legacy machines and software still only support FTP and are involved in critical operations. 

However, many organizations have decided that the risks of using unsecured FTP connections aren't worth the connectivity. Products such as Google Chrome have dropped support for the protocol entirely due to the associated risks with it, and many other companies are considering doing the same for their products.  

Eventually, FTP will likely be deprecated entirely. But in the meantime, if you need to connect via FTP for any kind of sensitive file transfers, you should do so using secure methods. 

 

Try Couchdrop for secure FTP transfers

Couchdrop is a secure FTP solution that works both as an FTP server and FTP client. The platform employs FTP as a Service, which comes with many advantages across security, connectivity, ease of use, and more.

For instance, you can use Couchdrop to connect to a machine that only supports FTP connections, make sure that the connection is secure by requiring FTPS, then transfer the file elsewhere via SFTP. There are many other enterprise-grade security controls available to make sure all legs of the transfer journey are protected, even when FTP is a required step. 

To try Couchdrop FTP, you can register for a new account and get instant access for 14 days with no credit card required. Sign up now to get started.