How to Upload Files with FTP to WordPress

Last updated on October 18th, 2014 by Robert Abela. Filed under WordPress Security Tutorials & Tips

What is FTP protocol

FTP (File Transfer Protocol) is a “means of transport” used to transfer files from your local computer to a remote website, such as a WordPress blog. FTP can also be used to download files from your WordPress website to your computer or to change files and directories permissions on a remote website.

Why do you need to know how to use FTP?

FTP is a very important protocol for any webmaster. There are various reasons why it is essential that you are able to use FTP:

Upload files to your website

From time to time you might need to transfer files, such as imges or HTML verification files, from your computer to your website, and you will need FTP as a means of transportation.

Delete files from your WordPress website

Sometimes after uploading new plugin, upon activation you discover that this plugin is incompatible and the WordPress administrator console is unavailable. In this case, the only way to solve such a problem is to connect via FTP to the website, navigate to the WordPress plugins directory and delete the plugin. The WordPress plugins files are stored in the /wp-content/plugins directory in WordPress.

Modifying a WordPress theme

From time to time, you may need to change your WordPress theme or modify an existing one. Pasting a piece code from tutorials to the Appereance > Editor window in the WordPress dashboard can accidentally lock you out, or break something. The best way to go about this is to login via FTP, download the WordPress theme file, modify it and upload it again to the WordPress themes directory. The WordPress themes directory is /wp-content/themes/.

Change file and directory permissions

Some WordPress plugins require the creation of a temporary directory or single to store cache data in it. If these WordPress plugins do not have the appropriate permissions to create such a file or directory, the WordPress plugin will generate errors and will not function properly. In this case you need to change directory and file permissions so the WordPress plugin is able to create and write to a directory.

What information do you need to connect to your WordPress blog using an FTP client?

  1. A Host or hostname of the remote server. ITypically this is the web address or URL of your WordPress blog e.g.
  2. A username and password to authenticate and be able to access your WordPress blog or website. Typically, such credentials are provided to you by your hosting provider upon registering which you use to access your CPanel. If not, you can always create a new FTP username and password from your hosting user portal and configure it to be able to access the WordPress files.
  3. An FTP client software. There are many different FTP client software available on the market. One of the best FTP Clients is FTP FileZilla and it is available for download for free.

Note: The host, username and password should be entered in Section 1 highlighted in red in screenshot 1 below.

Connecting to a remote WordPress website with an FTP client

How to use the FTP to upload and transfer WordPress files

Once you’ve inserted on the details specified in the Section 1 above, click the ‘Quick Connect’ button (highlighted in red and marked as section 2 screenshot 1 above). Once you are connected to your WordPress website,you will be able to see the following sections in your FTP client (all highlighted in red in screenshot 1 above):

  • Section 3: Local computer directory location
  • Section 4: Files stored in the highlighted local directory
  • Section 5: Remote website (WordPress blog) directory location
  • Section 6: File stored ni the highlighted remote directory

To upload a file from your local computer to your WordPress blog or website, simply drag and drop the file from the local site section (Section 4 in screenshot 1 above) to the remote site section (Section 6 in screenshot 1 above). Therefore, if you need to upload a modified WordPress theme file, on the remote website navigate to ‘wp-content/themes/[theme directory]. Once you are in such directory, drag and drop the file footer.php to the remote site section.

WP White Security Security Tip: When using the FTP protocol, credentials and file content are sent over the internet using clear text, i.e. a malicious user might be able to intercept your credentials and login to your website. Ideally you should always use SFTP (also known as FTPS), i.e. Secure FTP. You can read more about SFTP from here. Most of the hosting providers support SFTP.

How to change WordPress file or directory permissions

To change the permissions of a file or directory in your WordPress blog, you can either:

a) use the CHMOD FTP command; or

b) simply right click on such file or directory and select “File Permissions”

Change WordPress file permissions (CHMOD) using an FTP client

WP White Security Security Tip: In most cases, files should be assigned READ ONLY permissions, with the exception to allow the owner to have WRITE permissions as well to be able to overwrite them when uploading a new file.


Ezekiel Plenty 09/05/2012

Awsome post and straight to the point. I am not sure if this is really the best place to ask but do you people have any thoughts on where to hire some professional writers? Thanks 🙂

John Bonello 15/05/2012

Thanks for your feedback. Drop us an email on and we will let you know. We tend to know some good copyright writer.

MMT 19/07/2012

I would like to upload a file in my web space and use it in my web site like the other web sites when I uploading my file in ftp I can’t download it I changed my file permission but it didn’t works
I really new in it could u please give me an step by step tutorial
please ….

John Bonello 19/07/2012


Unfortunately it is very difficult to know what is the problem off hand. If you would like, send us an email on, explain the problem in detail, give us access and we will sort it out for you. Do not publish any connection details or passwords in this comments section.

Looking forward to hearing from you.

PHIL 20/02/2013

Hi after developing my wordpress website i gave it to my host who managed to upload it onto the web . However before she could upload it a deleted the file accidentally from the my local wamp server . and i have been uploading and making changes online but the site got hacked into since i had not made it secure according to my host and this is the message that the host sent to me via email and the reason why the site is not up and running currently .
Dear Client,

Your account afrisic is hosting the follwoing malicious files/scripts :


{HEX}php.cmdshell.cih.215 : /home/afrisic/public_html/wp-content/plugins/empty-plugin-template/error.php


This files are being abused by crackers/hackers to install malicious scripts on your account. Please note that our servers are up to date and monitored frequently against these hack/malicious attempts.
We have disabled the public_html folder for this account(s) temporarily to avoid any further exploits. This has been done for your own safety as well as to protect everyone else on the server and internet to make it a safe place for all.

We are disabling the web-access temporarily to avoid the following:

1- Suspending it blocks hackers from deleting all your files.

2- It prevents hackers from posting embarrassing index pages till you can completely secure your account.

3- It keeps hackers from stealing any further sensitive info such as logins, credit card numbers, etc. which may be in your files or databases.

4- If found quickly and rectified, it may keep your site’s reputation from being damaged in search engines.

We have disabled web access to your account so that further attacks stop and your data is secure while you work on it. You can still access the account using your control panel and FTP. We suggest you change your control panel password immediately. If you need web access to work on it, please provide us your IP address which you can find by visiting the page so that we can enable web access for your local IP.

If you require a restore, please be aware that due to the amount of data we must store, our backups are rotated daily. It is imperative that you contact us immediately to request a restore of your files from backups. We can’t guarantee a backup will be available or that it will contain clean copies of your files but we will make every effort to find one prior to the date of infection for you. We can also help restore from your own backup file if you have one and you upload it to your home dir. We do recommend using the backup tool available in your control panel to always keep your own copies of your site on your own computer for safekeeping. To automate the task with a cron job, please see our forums.

When you are done changing your passwords, updating your scripts, cleaning up the files, etc. and feel the account is now secure, please let us know what you have done to correct the situation and ask for full web access to be restored. Please be reasonably sure as enabling it prior to it being fully secured can have major consequences and cause much more delay in getting back to internet life as usual.

We appreciate your cooperation. If you have any questions about securing particular popular scripts you are running, please feel free to ask.

iSource Support

Robert Abela 20/02/2013

Hi Phil,

I am sorry to hear you are having problems with your website. We can look into your website and clean up the hacked files / malware which was injected on your website. Send us an email on so we assist you. We will ask you for some details and once we have such details, such as FTP login and Hosting Provider CPanel access we will fix your website. Once your website is fixed, we will also send you a detailed report of all the changes we have done.

Apart from malware cleanup, we also secure WordPress. For more information about our services, refer to WordPress Security Services page.

Looking forward to hearing from you.

Kathleen 07/03/2013

I downloaded the filezilla program so that I could a child theme on my free WP twenty eleven theme. I know you’re going to laugh when I tell you what my problem is, but here goes…I don’t know what to put in the host, username, password and quickconnect fields. is this my WP username and password? No clue. Please help. 🙂

Robert Abela 07/03/2013

Hi Kathleen,

No problem. It is all explained in the article. The hostname can be the website URL (without http://). As regards the username and password in FTP, typically you can use the username and password provided by the hosting provider to be able to access the CPanel. Most of the time these work. In case they don’t, simply login to the CPanel and create a new FTP username and strong password to be able to access the website. If you need further assistance, feel free to drop me an email on

Kathleen 15/03/2013


Thanks for your help. I am still having problems with Filezilla. I will email you.


maris 12/03/2013


I have an old laptop that broke and no longer have access to. I had initially set up 2 WordPress websites on that old laptop. I bought a new laptop but I have not updated either of my sites. I have installed on both blogs the database plugin and regular backup plugin. But how do I get those two blogs onto my new laptop?

Do I have to do ftp or can I just go into my dashboard and transfer everything? I have Hostgator and the videos they directed me to don’t seem to help much.

So what do I need to do to get my websites and files onto my new laptop?? Is there an easy (and painless) way to do this? If you can please help, you would be a lifesaver. Or perhaps you can direct me to an article of yours that has this info. Thanks in advance.

Robert Abela 12/03/2013

Hi Maris,

I am not sure if I am understanding you correctly, where the blogs hosted on Hostgator or you had the FTP accounts configured on your old laptop and would like to configure then on the new laptop?

What is for sure is that we will always find an easy and painless way to solve your WordPress problems 🙂 This kind of problem cannot be solved over a blog post comments though. Drop me an email on and we will sort this out.

Looking forward to hearing from you.

Leave a Reply

Your email address will not be published. Required fields are marked *

Our other plugins