Skip to main content
Kinsta.comCommunityOpens in a new tabMyKinstaOpens in a new tab

SFTP

To ensure your data remains safe and encrypted, Kinsta only supports SFTP connections. When you’re connected to a WordPress site via SFTP, you gain direct access to the files and folders on the server, allowing you to perform a variety of tasks that can be especially useful for troubleshooting, customizing, or managing your site, such as:

  • Upload, download, and edit files.
  • Manage your plugins and themes.
  • Fix errors and restore access.
  • Back up your site.
  • Delete files.
  • Manage permissions.

MyKinsta includes a primary SFTP user with full access to all files and directories on your WordPress site. You can also create additional SFTP users with customizable permissions, including read-and-write or read-only access. You can also restrict their access to a specific subdirectory, giving you greater control over who can access different parts of your site.

SFTP clients

If you don’t already have an SFTP client installed on your computer, we recommend one of the following:

You can connect via SFTP with your SFTP client using the primary SFTP/SSH user or one of the Additional SFTP users.

Primary SFTP/SSH user

The Primary SFTP/SSH user has full read and write access to all files and folders on your WordPress site. The credentials you need to access your site via SFTP can be found in MyKinsta under WordPress sites > sitename > Info > Primary SFTP/SSH user.

Kinsta only supports SFTP connections; therefore, you should ensure the connection type is always SFTP. The Host may be described as the Address, URL or Hostname within the SFTP client.

You can also use an SSH key in addition to your username and password.

Primary SFTP/SSH user details in MyKinsta.
Primary SFTP/SSH user details in MyKinsta.

Some SFTP clients may default to FTP as the connection type, so be sure SFTP is selected as the connection type. If you don’t, you might see an error similar to:

Cannot establish FTP connection to an SFTP server. Please select proper protocol.

Download primary SFTP user settings

Rather than manually inputting your SFTP settings, you can download a configuration file that contains all of the Primary SFTP user settings required for the SFTP connection for FileZilla, Cyberduck, or Terminus. In MyKinsta, under WordPress sites > sitename > Info > Primary SFTP/SSH user, click the download icon under FTP client config files.

Download a zip file of your primary SFTP user settings.
Download a zip file of your primary SFTP user settings.

This downloads a zip file that contains the following files:

  • .xml – This can be used to import the SFTP settings into FileZilla. For support with the import, refer to FileZilla’s documentation.
  • .duck – This can be used with Cyberduck. If you open the file, it starts the Cyberduck application and creates the connection. If you need further support with this, refer to Cyberduck’s documentation.
  • .csv – This can be used to import the SFTP settings into Terminus. For support with the import, refer to Terminus support.

Change the primary SFTP/SSH user password

If you want to update the primary SFTP/SSH user password for the current environment, hover over the password and click Generate new SFTP password.

Generate a new SFTP/SSH password for your primary user on your WordPress site.
Generate a new SFTP/SSH password for your primary user on your WordPress site.

To confirm the password change, click Generate new password.

Confirm the password change by clicking Generate new password.
Confirm the password change by clicking Generate new password.

Copy and paste the new password into your SFTP client as needed.

Set a password expiration for the primary SFTP/SSH user

If you want the primary SFTP/SSH user password to expire and regenerate automatically at regular intervals for the current environment, click the edit icon under Password expiration.

Change the primary STFP/SSH user password expiration time.
Change the primary STFP/SSH user password expiration time.

Choose how often you want the password to expire and regenerate, and click Save changes.

Choose the interval for the password expiration.
Choose the interval for the password expiration.

Authentication methods for primary SFTP/SSH user

To change the primary SFTP/SSH user authentication methods to enable or disable access with a username and password for the current environment, click the edit icon under Authentication methods.

Change the primary SFTP/SSH user authentication methods.
Change the primary SFTP/SSH user authentication methods.

Select Password to enable or disable primary SFTP/SSH user access with a username and password, and click Save changes. You cannot disable access using an SSH key; however, you can disable all SFTP/SSH access.

Select Password to enable or disable access with a username and password.
Select Password to enable or disable access with a username and password.

IP allowlist for primary SFTP/SSH user

To specify a list of IP addresses that are allowed to access your environment with the primary SFTP/SSH user credentials via STFP/SSH, click the edit icon under IP allowlist.

Specify which IP addresses can access the environment via SFTP/SSH.
Specify which IP addresses can access the environment via SFTP/SSH.

Enter the IP addresses you want to allow access via SFTP/SSH and click Add. You can specify multiple addresses separated by a comma, e.g., 1.1.1.1, 2.2.2.2. You can also specify a range of IP addresses using a slash, e.g., 1.1.1.1/32.

Specify the IP addresses that are allowed to access your environment via SFTP/SSH.
Specify the IP addresses that are allowed to access your environment via SFTP/SSH.

Once you have entered all of the required IP addresses, click Update IP allowlist.

Update the IP allowlist for SFTP/SSH.
Update the IP allowlist for SFTP/SSH.

Disable/enable primary SFTP/SSH user access

If you want to disable the primary SFTP/SSH user access so users with the primary user credentials cannot connect via SFTP/SSH within Primary SFTP/SSH user, click Disable.

Disable primary SFTP/SSH user access.
Disable primary SFTP/SSH user access.

To confirm the changes, click Disable SFTP/SSH access.

Confirm the changes to disable SFTP/SSH access.
Confirm the changes to disable SFTP/SSH access.

When SFTP/SSH access is disabled, the connection details are no longer shown.

SFTP/SSH access disabled.
SFTP/SSH access disabled.

If you want to enable access and show the connection details, click Enable > Enable SFTP/SSH access.

Additional SFTP users

In addition to the primary SFTP/SSH user, you can create additional SFTP users with customizable permissions. Additional SFTP users are unique to each environment, and you can limit their access to read and write or read-only and further restrict their access to specific directories within your site. For example, if you want a user to only manage plugins, you can limit their access to the /wp-content/plugins/ subdirectory. This provides greater control and security when granting access to developers, contractors, or team members.

You can add SFTP users within WordPress sites > sitename > Info > Additional SFTP users > Add new user.

Add SFTP users.
Add SFTP users.

Complete the new user’s details as follows:

  • Username: This is unique to the environment; it is case-sensitive and only accepts letters, numbers, underscores (_), and dashes (-).
  • Password: Enter a password for the user, this must be at least 16 characters.
  • Root directory: To restrict access to a specific subdirectory, enter the path to the folder here. For example, to limit access to your plugins folder, enter /plugins/. The folder must already exist in the public directory, if the folder does not exist, when you add the new user the action will fail. You can create new folders using the Primary SFTP/SSH user.
  • Read, write, or Read only: Choose the required level of access for the user.

Click Add new user.

Add a new SFTP user.
Add a new SFTP user.

Important notes

  • New SFTP users share the same Host as the primary SFTP/SSH user but use a different Port.
  • When you push an environment to Live or Staging, any additional SFTP users associated with that environment are also pushed and will appear in the environment you are pushing to.
  • When you clone an environment, any additional SFTP users are not carried over to the new environment, you’ll need to set them up again manually if needed.
  • When you reset an environment, any additional SFTP users are removed.
  • Additional SFTP users are restricted to folders within the public directory. They do not have access to any files or directories outside of this location.
  • If you want to limit access to a specific subdirectory, the folder must already exist in the public directory. You can create new folders using the Primary SFTP/SSH user.

Edit an SFTP user

To change the details of an additional SFTP user, click the kebab (three dots) and click Edit.

Edit an additional SFTP user.
Edit an additional SFTP user.

You can change the username, password, subdirectory access, or the level of access they have. If you change the Root directory to limit access to a specific subdirectory the folder must already exist in the public directory, if the folder does not exist, when you edit the user the action will fail. You can create new folders using the Primary SFTP/SSH user.

Edit an SFTP user.
Edit an SFTP user.

Once you’ve made the changes, click Edit user.

Remove an SFTP user

To remove an SFTP user, click the kebab (three dots) and click Remove.

Remove an additional SFTP user.
Remove an additional SFTP user.

To confirm the removal, click Remove SFTP user.

Confirm the removal of an SFTP user.
Confirm the removal of an SFTP user.

Client examples

Here are a few examples of settings in FTP clients.

Cyberduck

SFTP details in Cyberduck.
SFTP details in Cyberduck.

WinSCP

SFTP settings in WinSCP.
SFTP settings in WinSCP.

FileZilla

FileZilla Quick Connect
FileZilla Quick Connect

Transmit

SFTP settings in Transmit.
SFTP settings in Transmit.

More information

SFTP is a secure way to connect to your website files and the only supported file transfer protocol at Kinsta. For more details about how SFTP is more secure, be sure to check out the difference between FTP and SFTP.

Was this article helpful?

© 2013 - 2025 Kinsta Inc. All rights reserved. Kinsta®, MyKinsta®, and DevKinsta® are trademarks owned by Kinsta Inc.The WordPress® trademark is the intellectual property of the WordPress Foundation, and the Woo® and WooCommerce® trademarks are the intellectual property of WooCommerce, Inc. Uses of the WordPress®, Woo®, and WooCommerce® names in this website are for identification purposes only and do not imply an endorsement by WordPress Foundation or WooCommerce, Inc. Kinsta is not endorsed or owned by, or affiliated with, the WordPress Foundation or WooCommerce, Inc. Legal information

Contact usKinsta community