How do I create additional FTP accounts?
By default, a Web hosting account comes with one preactivated FTP account. This account has a username like example.com. It always uses the same password as your master account password, and when you connect using this account, you're placed directly into the top level directory of your Web site.
That's probably all most people need. However, advanced users can also add additional FTP accounts.
On this page:
- Additional FTP accounts
- Forgotten the password to an additional FTP account?
- Security considerations
Additional FTP accounts
Additional FTP accounts can have different passwords and can be restricted to different directories. You could use this feature to:
- Allow people to modify the Web site without giving them the master password that lets them login to the account management control panel;
- Allow multiple employees to publish files without needing to share passwords;
- Limit certain people (such as clients) so that they can only upload into a restricted location;
- Access your home directory (including e-mail storage), backup files and raw Web server log files, which you can't do with the default FTP account.
To set up additional FTP accounts:
- Login to the customer control panel
- Click FTP Publishing
- Scroll down the to the section called Setting Up Additional FTP Accounts
- Click Add to create a new FTP account
- Choose the password and the directory for the account
The directories shown on that screen are directories that have been created using the master FTP account; if you want to create a new directory for a new user, you'll need to use the master FTP account to create the directory first.
Forgotten the password to an additional FTP account?
If you've forgotten the password to an additional FTP account, see the topic "Lost FTP Password".
If you let other people upload files to a restricted location that's part of your Web site, they could upload script files (such as PHP files) and then run them by loading them in their Web browser. Those scripts could then modify other files outside the restricted location, allowing a malicious uploader to to "break out" of the restriction.
To prevent this, you should create the restricted directory under your home directory, not your Web site directory. Or, if your site doesn't use any scripts at all, you could disable all scripts in a top-level .htaccess file for your site.