Disable FTP clear/plain text authentication

If you’ve read our previous article on how to pass PCI compliance scans, you might notice that you failed a PCI scan due to FTP clear/plain text authentication being used. In this article we’ll discuss disabling FTP clear/plain text authentication.

By default when you establish an FTP connection to the server, your credentials are passed to the server as clear/plain text. What this can mean is that if someone was sniffing the network traffic from your computer to the server because you were on a open WiFi network for instance, they could potentially compromise your account. So requiring an encrypted connection instead of a clear/plain text one can help protect your account against this.

It’s important to note that this change would require you having root access on your VPS or dedicated server, as this is an advanced setting and the default can’t be changed on our shared servers.

1. Log into WHM.
2. In the top-left Find box enter in ftp, then click on FTP Server Configuration.
   

3. In the TLS Encryption Support drop-down, select Required (Command).
4. Scroll to the bottom of the page and click on Save.

You should now know how to disable FTP clear/plain text authentication on your server. Now that you know how to disable this you’ll also more than likely want to learn about securely connecting to your website using an FTP client as well.