FTP Lock – What you need to know

Online Control Panel, Security

FTP (File Transfer Protocol) is used to transfer files from one computer to another, it is the area where your files are saved and accessed on any given server. If FTP is enabled and open for an extended period of time you are increasingly vulnerable to attack and viruses. FTP lock is a great security feature we introduced last year. We always recommend you switch your FTP settings to the most secure option.

In your Online Control Panel, the FTP lock feature offers the three following options:

1. If you do not need to use FTP, you can disable the feature. We highly recommend locking FTP when not in use to maximise your online security.  In the event that you want to use the facility in the future you can simply enable it.

2. For those of you with a dynamic IP address, you can use the ‘Other IPs’ option to unlock FTP for a specified amount of time. The time allowance can be from one hour to 30 days. This means you do not need to stipulate a particular IP address each time you want access. The length of time is capped at 30 days in order to increase your online safety and ensure you have complete control and it is never left open indefinitely.

3. For customers who have a specific IP address or a number of specific IP addresses, you can add a white-list of IPs to your settings. The listed IPs will be the only addresses able to access your files through FTP. You can add and/or remove IPs from the list whenever you wish.

If you have any questions about your FTP settings, please do not hesitate to raise a support ticket via your Online Control Panel.


  1. Why not just use SFTP or FTP over SSL?
    If I need to use FTP continually, I have to leave it open permanently, as my ISP uses dynamic IPs. Consequently, I am no safer with your method, and I have to keep amending the expiry date.
    More work for me, no security benefit.

    • Thanks for the feedback Ben, we appreciate it.

      SFTP would require static IP addresses so in cases like yours, where the ISP assigns a dynamic IP address, it’s not a feasible solution. FTP over SSL is on the cards, it’s definitely something we’d like to do but there’s a bit of work involved in implementing it so it’s some way off at the moment. Currently, you’ll have to login every thirty days and open up access for the next thirty days which I can appreciate can be a little inconvenient for you.

      You’ll find that a lot of hosting providers have rolled out similar FTP Lock features recently – it’s all in response to the current wave of viruses that specifically target FTP, we need to stay ahead of the curve and help our customers remain secure.

  2. Sean Overend

    15/02/2013 at 11:12

    I find that I cannot access my control panel – I get the quaint message “access to this account is blocked. Please contact technical support for assistance”.
    “Quaint” because I cannot reach technical support. The telephone number produces numerous automated routing messages, each of which concludes with “all our agents are busy”. As I am calling from South Africa, I cannot simply hang on at the end of an international line – and there appears to be no email address to which I can send a query.
    HELP please!

  3. Greg Smith

    13/08/2013 at 16:33

    I have enabled FTP for a subdomain user but that user has a dynamic IP address, but being a subdomain user, he cannot log in to the control panel to reset the time period. How can I get around this without having to log in every 30 days to reset it for him?

    • Hi Greg,

      Thanks for your comment.

      I assume you mean that you’ve enabled FTP for one of your users but have specifically set their home directory to one of your subdomains so they have no access to your main site files? Ultimately, if they only have a dynamic IP address, they will need access opening up every thirty days which can only be done through the Online Control Panel. Unless you’re prepared to give them access to the Site Admin control panel at domain.com/siteadmin, then this will mean that you, as the account holder, will have to do this for them once a month.

      One point to consider is how often the user reboots their router. Although it’s a dynamic IP address, if they don’t reboot their router for months on end then they may still continue to use that same IP address for months – meaning that you could add it in as an approved IP address and it should only need removing whenever they next reboot their router.

      Let us know if you have any more queries or feedback.

Comments are closed.