Unencrypted FTP in n8n
Why using plain FTP instead of SFTP exposes your data and credentials
What is this issue?
Plain FTP transmits all data—including usernames and passwords—in clear text. Anyone monitoring the network can intercept credentials and file contents. SFTP or FTPS should always be used instead.
Signs of unencrypted FTP:
• FTP node using port 21 without TLS
• Connection string starting with ftp:// instead of sftp://
• Secure option disabled in FTP configuration
• Using legacy FTP nodes without encryption
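The signs above can be checked mechanically against an exported workflow. The following is an added example, not code from the original page or from n8n: it flags FTP nodes left on the plain protocol and any `ftp://` string in node parameters. It assumes the built-in FTP node has type `n8n-nodes-base.ftp` and a `protocol` parameter that defaults to `ftp`; the sample workflow and the `find_plain_ftp` and `iter_strings` helpers are constructed for illustration.

```python
import json
import re

# Constructed sample export, not from the page. The node type and the
# `protocol` parameter (default "ftp") are assumptions about n8n's FTP node.
SAMPLE_WORKFLOW = json.loads("""
{"name": "nightly-export (constructed sample)", "nodes": [
  {"name": "Upload report", "type": "n8n-nodes-base.ftp",
   "parameters": {"operation": "upload", "path": "/out/report.csv"}},
  {"name": "Upload backup", "type": "n8n-nodes-base.ftp",
   "parameters": {"protocol": "sftp", "operation": "upload"}},
  {"name": "Push via curl", "type": "n8n-nodes-base.executeCommand",
   "parameters": {"command": "curl -T out.csv ftp://files.example.test/in/"}},
  {"name": "Pull via curl", "type": "n8n-nodes-base.executeCommand",
   "parameters": {"command": "curl -O sftp://files.example.test/feed.xml"}}
]}
""")

FTP_NODE_TYPE = "n8n-nodes-base.ftp"  # assumed node type name
# Match ftp:// but not sftp://, which contains it as a substring.
PLAIN_FTP_URL = re.compile(r"(?<![A-Za-z0-9+.-])ftp://", re.IGNORECASE)

def iter_strings(value, path=""):
    """Yield (path, string) for every string nested inside a parameter tree."""
    if isinstance(value, str):
        yield path, value
    elif isinstance(value, dict):
        for key, child in value.items():
            yield from iter_strings(child, f"{path}.{key}" if path else key)
    elif isinstance(value, list):
        for i, child in enumerate(value):
            yield from iter_strings(child, f"{path}[{i}]")

def find_plain_ftp(workflow):
    """Return (node name, reason) findings for unencrypted FTP usage."""
    findings = []
    for node in workflow.get("nodes", []):
        params = node.get("parameters") or {}
        name = node.get("name", "<unnamed>")
        # An absent protocol means the default was kept, which is plain FTP.
        if node.get("type") == FTP_NODE_TYPE and params.get("protocol", "ftp") == "ftp":
            findings.append((name, "FTP node with protocol=ftp"))
        for path, text in iter_strings(params):
            if PLAIN_FTP_URL.search(text):
                findings.append((name, f"ftp:// URL in parameters.{path}"))
    return findings
if __name__ == "__main__":
    for node_name, reason in find_plain_ftp(SAMPLE_WORKFLOW):
        print(f"{node_name}: {reason}")
```

Workflow exports reference credentials by name and ID only, so port and TLS settings stored in the credential still have to be reviewed in n8n itself.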
Why is this dangerous?
Credential interception
Login credentials are sent in plain text and can be captured by network sniffers.
Data exposure
File contents are transmitted without encryption, exposing sensitive data.
Man-in-the-middle attacks
Attackers can modify files in transit without detection.
Compliance violations
Unencrypted file transfer violates most security standards (PCI, HIPAA, SOC2).
How to fix it
1. Switch to SFTP
Replace FTP nodes with SFTP (SSH File Transfer Protocol) for encrypted transfers.
2. Use FTPS if required
If SFTP isn't available, use FTPS (FTP over TLS) with explicit encryption.
3. Verify server configuration
Ensure the remote server supports and enforces encrypted connections.
4. Update credentials
After switching to encrypted transfer, rotate all FTP credentials that may have been exposed.