Moodle tech tips – not using FTP
If you are a new Moodle administrator you might consider using FTP to transfer large files to the server. Our advise is don’t do this!If you are searching around the internet to find the answer to how you can transfer large files to your Moodle server, bypassing the file upload limit set in Moodle, then you will no doubt find older articles explaining how to do this using FTP (File Transfer Protocol).
Unfortunately FTP is an old protocol now, and not really suitable for security reasons. To explain, FTP users may authenticate themselves with a clear-text sign-in: the username and password are NOT encrypted, meaning someone could intercept them. FTP can also connect anonymously if the server is configured to allow it (more are these days).
FTP was never designed to be a secure protocol !
For secure transmission that protect the username and password, and encrypts the content, FTP is often secured with SSL/TLS (FTPS). Using SSL is much more secure, and most modern clients such as Filezilla offer this. There are many other secure clients – including free and open source options – so check out https://en.wikipedia.org/wiki/Comparison_of_FTP_client_software#Free_and_open_source_software
SSH File Transfer Protocol (SFTP) is more often used instead; although it is quite technologically different to FTP, it does the same job in many situations.
So, the message is “Don’t use FTP to access your Moodle server, it simply does not meet the security requirements of this day and age.”
- Moodle 4.0 – 15th May 2022
- Moodle 4.0 other highlights – 14th May 2022
- Moodle 4.0 Accessibility – 9th May 2022