FileZilla FTP User Name and Password for WordPress

The WordPress team has released a major update to the software that runs their content management system, cutting off a key log-in feature in the process. The change was made to comply with updated security standards, which also impact the log-in process for third-party apps like Woocommerce.

The update applies to sites running the latest version of WordPress (4.9+) and it eliminates the need for FTP (File Transfer Protocol) logins, which have long been required to access content in the system. This means all you need to do to log in is use your email address and password to access the site — no special FTP login details are needed anymore (at least as far as WordPress itself is concerned).

Why Are You Told To Use FTP Logins In WordPress?

FTP logins have been necessary in WordPress since the software was first launched in 2003, when security was much less of a concern.

The need for FTP logins in WordPress comes from the software’s original creator, Bill Wilson, who still leads the development team and holds the copyright to the WordPress name. When you initially install WordPress, you’ll be prompted to create an FTP login to access your site’s content. Once you’ve done that, you won’t be prompted to enter your login credentials again unless you manually change your database password — which you’ll be instructed to do in the WordPress tutorial.

If you don’t want to use FTP logins in WordPress, you can disable the feature via a WordPress admin screen. Just go to Settings → General and set FTP to No.

What’s Changing In WordPress 4.9?

WordPress 4.9 represents a major update to the software that powers more than 27 million websites around the world. The release includes many new features and improvements, but one of the most significant changes has to do with security.

The WordPress team has made it much more difficult for attackers to access your site’s content using automated tools or malware. To make sure you’re always protected, WordPress now requires you to use an .htaccess file to restrict access to content.

This new standard changes how WordPress checks file permissions before allowing access to protected content. For sites using the previous .htaccess method, all the restricted content will be hidden from view until you restore the previous settings. The update also adds protection against SQL injection attacks by requiring you to use prepared statements.

Another significant change in WordPress 4.9 is the inclusion of OAuth 2.0 authorization for applications that need to access your site’s data. This update brings the OAuth standard up to date with the most recent security updates and it also allows developers to create more secure applications using the WordPress API — a way of integrating your site’s functionality into third-party apps.

How Do You Log In To WordPress?

After you initially create an account in WordPress and connect your social media accounts (if you choose to use them), you’ll be asked to change your password. You’ll then be able to use this new password to log in to your site — just enter it when prompted.

If you use a different email address to login as well, you’ll be able to switch between them using the Forgotten Password feature. This allows you to access your account even when you temporarily forget your logins.

What About The.htaccess File?

Even though the FTP login is no longer necessary, you’ll still need to maintain the .htaccess file in order to access your site’s restricted content. WordPress introduced the .htaccess file in the early 2000s because of the lack of security measures in place at the time. Since then, the file has become an integral part of site security in WordPress.

The file isn’t used to restrict access to content in WordPress — it’s simply a configuration file that allows you to modify the way your site’s URLs are processed. More information can be found in the WordPress docs.

If you choose to use the.htaccess file to restrict access to content on your site, you need to follow a specific set of rules. Make sure to maintain the original author’s guide (found here) and be sure to keep up to date with any security changes made to .htaccess since the file was first introduced.

Is My Site Now Secure?

After a site is updated to version 4.9 of WordPress, a message will appear detailing the changes made to the software and offering users information about how to keep their site secure.

The WordPress team has taken a lot of security measures to ensure that your site is as safe as possible, eliminating the need for FTP logins in the process. If you maintain a separate email address and password for WordPress, you won’t need to use these special credentials to log in to your site. Simply use your email address and password to access the site.

Since WordPress 4.9, the team has worked hard to improve the security of the platform, making it more difficult for attackers to gain access to your site’s content using automated tools or malware. The update also adds protection against SQL injection attacks by requiring you to use prepared statements and it adds protection against OAuth 2.0 authorization for applications that need to access your site’s data. The result is a more secure platform for users to create and maintain websites.

This article will walk you through the process of removing FTP logins from your WordPress site so you can log in with your email address and password — or, if you’re using the.htaccess file, with the help of an .htaccess file.

Removing FTP Logins From A WordPress Site

Logging in to a WordPress site as the creator or administrator is the first step to making changes to the platform. If you want to remove FTP logins from a WordPress site you currently use, you’ll need to go through a series of steps to ensure that your site is as secure as possible. The first step is to make sure you’re using a secure connection when accessing the site.

Even though you’re not using FTP logins to access your site’s content these days, it’s still extremely useful to set up an .htaccess file for your site — this ensures that all the restricted content is hidden from view until you restore the previous settings. You can do this from your WordPress admin dashboard.

If the.htaccess file is already present on your site, you’ll need to maintain it in accordance with the following set of rules:

  • .htaccess files must be named .htaccess and must be located in the root directory of your site.
  • The file can’t have any blank spaces in it.
  • .htaccess files can’t have any directives (such as Order or Allow) past the 1st line.
  • .htaccess files can’t be edited using a text editor (like Notepad)
  • The file can’t be locked (using the chmod command)
  • .htaccess files have to be included in your httpd.conf file in order to be effective (using the apachectl restart command)

If you named your .htaccess file .htlogin, you’ll need to change the name of the file so that it doesn’t conflict with any existing files. Once you’ve changed the file’s name, you can remove the .htaccess file from your site’s root directory — this ensures that all the restricted content is visible and accessible to members of the public.

Setting Up An.htaccess File For WordPress

WordPress makes it very easy to maintain an .htaccess file, allowing you to configure your site’s behavior in a variety of ways. The following steps will walk you through the process of creating a restricted area in your site’s root directory.

Log in to your site’s dashboard as its creator or administrator and then click Settings on the left sidebar.

In the settings dashboard, you can choose from a variety of options to set up your site’s restricted area — all of which can be customized using the following controls.


The Directory control allows you to specify the directory that will hold all the content you want to restrict access to. This is the primary directory that WordPress will check for.htaccess files before granting access to restricted content.