Creating and Managing FTP Accounts under cPanel

Depending on your hosting plan, you may not be limited to just a single main FTP account. Why would you need more than one? You probably don't if you are the only person who will ever make changes to your website. However, if you have another person or group of people help you edit your website, you shouldn't give them access to your main FTP account to edit files.

Security Note: Because the main FTP account login is the same as your cPanel login you should never give it to anyone else. If someone needs FTP access to your account, you can create a separate FTP account for him or her unless your hosting plan does not allow it. If you would like to create or manage additional FTP accounts in cPanel, you should log into your cPanel account and then click on the FTP Manager icon. Then from the menu of options that appear, select FTP Accounts.

There will probably already be two or more FTP accounts listed here as main account. You can't delete or edit them (although you may be able to edit the disk space quota for some of them). They were created by cPanel automatically and need to remain as they are.

Creating a New FTP Account in cPanel

If you would like to create a new FTP account, follow these basic steps:

1. Click Add Account.

2. Choose a name for the new user and enter it in the Login text box. The directory path will automatically update to match your user's login name. The FTP user you create will only have access to the specified directory inside your public_html directory and any directories below that. This starting directory is often referred to as the FTP account's home directory. If you change the directory to / then the FTP user will have complete access to any files and directories in public_html (your public web space) via FTP. The account won't be able to access any files or directories above the public_html directory. The directions printed at the bottom of the screen make this all fairly clear.

3. When you create an account, you can also specify a disk space quota. The quota limit will restrict the account from uploading more than the specified amount (in MB). Setting the quota limit to nothing, zero (0) or the word unlimited will create an FTP account with no quota limits at all. Without a quota limit, that user will be able to upload files until you either run out of disk space or bandwidth.

Monitoring your FTP Usage in cPanel

Back at the main FTP Account screen you will be able to monitor FTP account quotas, edit those quotas, and delete FTP accounts that you have previously added. Rather oddly, there is a link for each add-on domain and sub-domain's raw web logs here. Click a link and your browser will download the logs to your computer.

Depending on your web host's settings, the raw web log links may include your main FTP/cPanel account password as well as the username. While this makes accessing the links easy (since you do not have to enter the password for your account to access the raw web logs), it is also a security risk. If you leave this page open in your browser anyone can come along and roll the mouse pointer over the link to see your main account username and password in the browser status bar. You may want to ask your web host to turn off the option that includes account passwords in those links.

Anonymous FTP Access

From the FTP Manager screen you can also set up or control anonymous FTP access. Anonymous FTP allows people without FTP accounts to access a special public_ftp directory to upload or download files.

Anonymous FTP access (especially anonymous FTP uploads) can be a big security risk, so your web host may not permit you to turn this feature on. If anonymous FTP access is turned off on your web server, accessing any of cPanel's anonymous FTP options won't affect anything. You should contact your web host if you want to know if they support anonymous FTP access.

To turn anonymous FTP access on or off, you should click Setup Anonymous FTP Access from the FTP Manager screen in cPanel. You will be presented with two simple checkboxes. The first allows you to offer anonymous (public) FTP access to ftp.domain.com (only the public_ftp directory). The next checkbox allows anonymous (public) FTP upload access to your ftp.domain.com/public_ftp/incoming/ directory. Both of these items should be unchecked for security reasons unless you are certain you want to offer anonymous FTP access.

If you want people logging in via anonymous FTP to see a custom message from you when they log into your server, then write it here. This will only get displayed if the FTP client the person is using displays messages from the server. Some web browsers will display this message when accessing your account via FTP, but many people turn off viewing such messages especially if they are using a dedicated FTP program. In most cases, if the message is not displayed on screen, it is still written to the user's FTP transcript (log).