FileZilla Secure was an independent, open-source fork of the popular FileZilla FTP client. It was created specifically to fix a major, long-standing security vulnerability in the original software.
Here is what you need to know about its history, purpose, and current status:

The Problem It Solved
For over a decade, the official FileZilla Client stored all saved server hostnames, usernames, and passwords in plain text within a basic XML file (sitemanager.xml).
Anyone—or any piece of malware—with basic access to your computer could easily open that file and steal all your server credentials.
The original developer resisted fixing this for years, arguing that if malware was already on your system, a master password wouldn’t fully protect you anyway.

The Launch of FileZilla Secure
Frustrated by this security gap, independent developers launched FileZilla Secure in November 2016.
It looked and functioned exactly like the standard FileZilla client, with one addition: a master password encryption feature.
All saved passwords were heavily encrypted, ensuring that even if your computer was compromised, your remote server login details remained safe.

Current Status: It Is Obsolete
You no longer need to use or look for FileZilla Secure. In May 2017, the official FileZilla development team finally yielded to community pressure and integrated native master password encryption directly into the main, official version of FileZilla. Because the original project fixed the issue, the FileZilla Secure fork became obsolete and is no longer actively maintained.

How to Secure Your Official FileZilla Client
If you are using the modern, official version of FileZilla, you can turn on the exact security feature that FileZilla Secure pioneered:
1. Open official FileZilla.
2. Go to Edit > Settings (or FileZilla > Settings on Mac).
3. Click on the Interface section.
4. Check the box for “Protect passwords with a master password”.
5. Set a strong password that you will remember.
For transferring sensitive data safely, it is also best practice to use SFTP (SSH File Transfer Protocol) or FTPS (FTP over TLS) instead of plain FTP, which sends your data across the internet unencrypted.
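To check whether the master password setting has actually taken effect, the following added example (not from the original page and not FileZilla's own code) audits a saved-sites file and reports entries whose password is not master-password protected or whose protocol does not require encryption. The element names, the `encoding` attribute values and the protocol numbers are assumptions about the sitemanager.xml layout, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element/attribute names and protocol numbers are
# assumptions about the sitemanager.xml layout, not taken from the page.
SAMPLE = """<FileZilla3>
  <Servers>
    <Server><Host>legacy.example.org</Host><Protocol>0</Protocol>
      <User>alice</User><Pass>hunter2</Pass><Name>legacy</Name></Server>
    <Server><Host>files.example.org</Host><Protocol>1</Protocol>
      <User>bob</User><Pass encoding="base64">c2VjcmV0</Pass><Name>b64</Name></Server>
    <Server><Host>vault.example.org</Host><Protocol>1</Protocol>
      <User>carol</User><Pass encoding="crypt" pubkey="PLACEHOLDER">PLACEHOLDER</Pass>
      <Name>protected</Name></Server>
  </Servers>
</FileZilla3>"""

# Assumed: protocol values for FTP modes that do not require TLS.
CLEARTEXT_PROTOCOLS = {"0", "6"}


def audit_sites(xml_text):
    """Return (name, host, findings) per saved site; password values are never returned."""
    results = []
    # iter() also reaches <Server> entries nested inside folders.
    for server in ET.fromstring(xml_text).iter("Server"):
        findings = []
        pw = server.find("Pass")
        if pw is not None and (pw.text or "").strip():
            enc = pw.get("encoding")
            if enc is None:
                findings.append("password stored in plain text")
            elif enc == "base64":
                findings.append("password only base64-encoded (not encrypted)")
            elif enc != "crypt":  # assumed marker for master-password protection
                findings.append(f"unknown password encoding: {enc}")
        if server.findtext("Protocol", "0") in CLEARTEXT_PROTOCOLS:
            findings.append("protocol does not require encryption in transit")
        results.append((server.findtext("Name", "?"),
                        server.findtext("Host", "?"), findings))
    return results


if __name__ == "__main__":
    for name, host, findings in audit_sites(SAMPLE):
        print(f"{name} ({host}): {'; '.join(findings) or 'ok'}")
```

Entries saved before the master password was enabled are the ones to look for; any that are still flagged should have their server passwords rotated after the setting is turned on.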