Why is everyone still using FileZilla?

The interface looks like it’s from 2005, yet it’s still the most popular FTP client out there. Is it just a habit, or is there something FileZilla does better than the newer, prettier apps? I’m genuinely curious what keeps people coming back to it.

FileZilla - My Honest Review

I’ve been using FileZilla on and off for basic website work and moving files to servers. It’s a free FTP client that has been around for many years and is probably one of the most recognized tools for transferring files between a local computer and a remote server.

It supports FTP, SFTP, and FTPS, and works on Windows, macOS, and Linux. For everyday stuff like uploading site files or downloading backups, it generally works fine. The interface is pretty typical for this kind of software – local files on the left, server files on the right, transfer queue at the bottom.

There’s a big user base behind it, but its reputation has had some bumps over the years, mostly related to how the installer has been distributed in some places. That’s honestly the main reason I started looking into it more carefully.


What Works Well

  • Free to use, no subscription required
  • Long-established and widely recognized
  • Reliable for routine file transfer tasks
  • Supports FTP, SFTP, and FTPS
  • Simple drag-and-drop with a transfer queue

For basic FTP work, I didn’t really have problems with the actual file transfers.


The Problem: Antivirus Flags

This is the part that made me pause. At one point I downloaded FileZilla and my antivirus immediately flagged it as a potentially unwanted program. That’s not a great feeling when you’re installing something you thought was a standard, trusted tool.

After digging around a bit, I found out this often happens when FileZilla is downloaded from third-party software sites instead of the official project page. Some of those versions have bundled installers with sponsored software, and that’s usually what triggers the warnings – not necessarily the core FileZilla program itself.

Still, from a normal user perspective, the experience is confusing. You install something you’ve heard about for years, and suddenly your security software is throwing alerts. Even if there’s an explanation, it does affect trust a bit.

If someone already installed one of those bundled versions, I think it makes sense to run a scan with something like Malwarebytes just to be safe. I did that myself just for peace of mind.

What I learned from this:

  • Downloading only from the official FileZilla website reduces the risk a lot
  • Third-party download portals seem to be where most of these reports come from
  • Antivirus warnings don’t always mean the main app is malware, but they shouldn’t be ignored
  • Running a scan afterward is a reasonable precaution

Even after sorting it out, I can understand why this leaves some users unsure. First impressions matter, especially with security warnings.


What to Do and What to Try Instead

What I ended up doing (and what I’d suggest to others):

  • Download only from the official FileZilla site
  • Avoid software download aggregator sites
  • If flagged, uninstall and reinstall from the proper source
  • Run a malware scan to be sure nothing extra got installed
  • Use SFTP or FTPS instead of plain FTP when possible

If the antivirus situation has put you off, there are other options worth a look.

As a Mac user, I prefer Commander One. It connects to remote servers via FTP, SFTP, and FTPS, and lets you organize file operations in a queue, which helps if you’re working with multiple servers. It also works as a general file manager, not just an FTP client, which might appeal to people who want everything in one place.


Final Thoughts

My overall take is pretty simple: FileZilla is a functional free tool with a long history and it does basic file transfer work without much trouble.

That said, the antivirus flagging issue is real enough that it’s worth being careful about where you download it from. Getting it from the official source and doing a quick scan helps avoid most of the concerns.

I still think it’s usable if you take those precautions. But if someone would rather not deal with that uncertainty at all, there are other FTP clients out there that might feel like a simpler choice.

5 Likes

Short answer for your exact question: no, you do not need to panic and rip FileZilla out today, but you should tighten how you use it and think about switching over time.

A few key points that did not get covered by @mikeappsreviewer:

  1. The real risk with FileZilla itself
    FileZilla supports SFTP and FTPS with decent crypto. The protocol side is fine for normal web hosting use.
    The bigger long‑term problem is that the devs have been slow on some security‑related UX issues, for example:

    • passwords are stored in plain text in the config files under your user profile
    • master password support exists but is off by default and many users never enable it

    If malware hits your box and you use FileZilla with saved logins, all your server creds are sitting in plain text XML. That is not unique to FileZilla, but it is a strong reason to stop saving passwords there.

    Action:

    • stop saving passwords in FileZilla
    • use a proper password manager and copy/paste
    • turn on “Kiosk mode” or master password if you must keep saved sites
  2. The installer mess vs your threat model
    The bundled‑junk stories mostly come from third‑party installers or from the “sponsored” installer the project briefly used. That hurt trust.
    If you work in anything regulated or handle client data under contract, that trust hit matters more than the technical details. Your clients do not care if it was “only” a wrapper.

    Action:

    • if you work with client data, pick a client with a clean distribution story and stick to it
  3. Where FileZilla starts to feel dated
    If you move lots of files or handle multiple servers, you hit limits fast:

    • no real sync or two‑way mirror with safety checks
    • no decent file compare tools
    • weak logging and audit trails
    • no team‑friendly features

    For personal sites and light SFTP work it is fine. For ongoing operations, it slows you down.

  4. What I would do in your place

    If you want the lowest effort path and do not care about fancy features:

    • keep FileZilla
    • reinstall from the official site if you ever grabbed it from a download portal
    • stop using plain FTP, force SFTP or FTPS only
    • stop storing passwords in it
    • run an AV scan once and move on

    If you want to “future proof” and clean up your tooling:

    On macOS:

    • Commander One is a good move. It handles FTP, SFTP, FTPS, and cloud mounts, and doubles as a file manager. For many people it becomes the default file tool, not only an FTP client. That solves two problems with one app.
    • Its App Store distribution also sidesteps the installer drama.

    On Windows:

    • Look at WinSCP or Cyberduck. Both support SFTP and FTPS, and WinSCP has better sync and scripting.
    • They handle stored credentials more thoughtfully and integrate with PuTTY or OpenSSH.

    On Linux:

    • Use your file manager’s built‑in SFTP support or something like lftp or rsync over SSH. For secure transfers, SFTP over OpenSSH plus rsync is hard to beat.
  5. When you should stop using FileZilla entirely
    I would fully drop FileZilla if any of these are true:

    • you manage multiple client servers with sensitive data
    • you share a workstation with others
    • you need audit logs or repeatable syncs
    • you want unified access to SFTP, S3, WebDAV, and cloud drives in one tool

    In those cases, something like Commander One on macOS or WinSCP on Windows gives you cleaner credential handling and better workflows.

So no instant emergency. Tighten your current setup now, start testing an alternative like Commander One or WinSCP, then phase FileZilla out when you feel comfortable.

Short version: you don’t have to drop FileZilla today, but if “secure file transfers” actually matter to you, it’s probably time to start phasing it out.

Where I slightly disagree with @mikeappsreviewer and @espritlibre:

They’re right that:

  • the installer drama is mostly distribution‑chain nonsense
  • FileZilla itself is not some ticking malware bomb
  • using SFTP/FTPS instead of plain FTP fixes a huge part of the “security” problem

But they’re both a bit generous about how much mental overhead you should tolerate for a basic tool.

For me, these are the real dealbreakers in 2026:

  1. Credentials handling is weak

    • Storing passwords in plain text config files is not “just a footnote,” it is a serious risk on shared or semi‑managed machines.
    • Relying on users to enable master password / kiosk mode is wishful thinking. Defaults matter. If a random infostealer hits your box, your whole server list is basically a buffet.
  2. Trust is part of security
    Yes, most of the bundled‑junk stories were from third‑party installers or the “sponsored” installer period. Still: once a tool has a messy installer history, I don’t want to have to keep explaining the nuance to clients, auditors, or my future self.
    “No drama” tools win here.

  3. It’s just not evolving for how people actually work

    • No first‑class sync / mirror with safety checks
    • No real integration with modern credential storage
    • UX feels stuck in the “upload theme.zip to shared hosting” era

If you only occasionally push a WordPress theme to a cheap host and you are the only person on the machine, then no, you don’t need to panic‑uninstall. Grab the official installer, use SFTP, don’t save passwords, run a one‑time AV scan, call it a day.

But if any of this sounds like you:

  • multiple client servers
  • anything mildly sensitive or regulated
  • you’re on a work laptop you don’t fully control
  • you’d like something that will age better over the next 5 years

then I’d stop spending mental energy defending FileZilla and just move on.

Concrete suggestion based on what you wrote:

  • On macOS: seriously look at Commander One.
    It does secure file transfers over SFTP and FTPS, has a proper dual‑pane file manager interface, and avoids the whole adware‑installer circus because it ships through more controlled channels like the App Store. For “I want reliable, straightforward secure file transfers” it hits that sweet spot nicely.

  • On Windows: WinSCP is boring in the best way. Clean SFTP/FTPS, better sync, better scripting. Cyberduck if you want more protocols, but it’s a bit clunkier.

  • On Linux: SFTP and rsync over SSH in your file manager or terminal are usually better than any GUI FTP client anyway.

So: you’re not in danger just because you’ve used FileZilla for years, but if you’re already uneasy and asking this question, that’s your signal. Lock FileZilla down now if you must keep it, start testing Commander One or WinSCP on the side, and quietly retire FileZilla once you’re comfortable.

No need to stage a dramatic uninstall ceremony, just stop relying on it as your main “secure” transfer tool.
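
The saved-password and plain-FTP points raised in the two replies above can be checked on your own machine. The script below is an added example, not part of any post in this thread: it reads a FileZilla site file and reports, per saved site, whether a password is stored in recoverable form and whether the transport is unencrypted, without ever printing the secret. The element names (`Server`, `Host`, `Protocol`, `Pass`), the `encoding="crypt"` marker for master-password entries and the protocol codes are assumptions about FileZilla's XML layout; the sample input is constructed.

```python
import xml.etree.ElementTree as ET

# Assumed protocol codes in FileZilla's site XML (not stated in the thread).
PROTOCOLS = {"0": "FTP (TLS only if offered)", "1": "SFTP",
             "3": "FTPS implicit", "4": "FTPS explicit", "6": "plain FTP"}
WEAK_TRANSPORT = {"0", "6"}  # may send credentials without encryption

def audit_sites(xml_text):
    """Return one finding per <Server> entry; the secret itself is never returned."""
    findings = []
    for server in ET.fromstring(xml_text).iter("Server"):
        pw = server.find("Pass")
        proto = (server.findtext("Protocol") or "").strip()
        if pw is None or not (pw.text or "").strip():
            stored = "none"          # user is prompted at connect time
        elif pw.get("encoding") == "crypt":
            stored = "encrypted"     # assumed marker for master-password protection
        else:
            stored = "recoverable"   # plain or base64: readable by anything that can read the file
        findings.append({
            "host": server.findtext("Host", default="?"),
            "protocol": PROTOCOLS.get(proto, "unknown"),
            "password": stored,
            "weak_transport": proto in WEAK_TRANSPORT,
        })
    return findings

# Constructed sample input (hosts, users and values are placeholders).
SAMPLE = """<FileZilla3>
  <Servers>
    <Server><Host>files.example.test</Host><Port>21</Port><Protocol>6</Protocol>
      <User>deploy</User><Pass encoding="base64">Y29uc3RydWN0ZWQ=</Pass></Server>
    <Server><Host>sftp.example.test</Host><Port>22</Port><Protocol>1</Protocol>
      <User>deploy</User><Pass encoding="crypt" pubkey="PLACEHOLDER">PLACEHOLDER</Pass></Server>
    <Server><Host>ask.example.test</Host><Port>22</Port><Protocol>1</Protocol>
      <User>ops</User></Server>
  </Servers>
</FileZilla3>"""

if __name__ == "__main__":
    for f in audit_sites(SAMPLE):
        flag = "REVIEW" if f["password"] == "recoverable" or f["weak_transport"] else "ok"
        print(f'{flag:6} {f["host"]:20} {f["protocol"]:26} password={f["password"]}')
```

Pass the text of a copy of your own site file to `audit_sites`; entries reported as `recoverable` are the ones to move into a password manager or protect with the master password, and entries with `weak_transport` are the ones to switch to SFTP or FTPS.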