Remove Default Users/Passwords from XAMPP Filezilla FTP Server

July 26th, 2007

This article is part of a series of articles about making XAMPP more secure. See the overview page for all the security measures.

By default, the FTP server that comes with XAMPP allows anonymous user logins and also has a default user with

username: newuser
password: wampp

In order to make it more secure, you should disable anonymous logins, and get rid of the “newuser” user. You may also want to create a new FTP user for your legitimate FTP usage. In order to accomplish this, do the following:

  1. Install FileZilla as a service (and start it) in order to access the FTP server config:
    1. Open up the XAMPP Control Panel
    2. Check box next to “Svc” for Filezilla
    3. Click “OK” on window which says “Click OK to install the Filezilla FTP Service”
    4. Click “Yes” on window which says “Install Service?”
    5. Click “No” for the window which states “Autostart Service?”, unless you want the FTP server to launch whenever you reboot your machine (in that case, click “Yes”).
    6. Click “Yes” on the window which asks “Start Server?”
  2. Launch the Filezilla server administration
    1. In the XAMPP control panel, make sure Filezilla is running
    2. In the XAMPP control panel, click on the “Admin” button for Filezilla.
    3. A dialog box that pops up titled “Connect to Server?”. This dialog box will show defaults of: server address=127.0.0.1, Port=14147, Administration Password=(blank). Leave these defaults alone and click “OK”.
  3. Delete the anonymous user
    1. In the Filezilla server window, from the pulldown menu choose Edit->Users to get the “Users” Dialog box.
    2. In “Users:” area on right side, highlight “anonymous”.
    3. In the middle area, under “Account settings”, uncheck “Enable account”
    4. Click “OK” to close the “Users” dialog box.
  4. Delete the default user “newuser”
    1. In the Filezilla server window, from the pulldown menu choose Edit->Users to get the “Users” Dialog box.
    2. In “Users:” area on right side, highlight “newuser”.
    3. Click “Remove” in the “Users: ” area to remove this user.
    4. Click “OK” to close the “Users” dialog box.
  5. Create legitimate users
    1. In the Filezilla server window, from the pulldown menu choose Edit->Users to get the “Users” Dialog box.
    2. In “Users:” area on right side, click “Add”.
    3. In the “Add User Account” dialog box:
      1. For “Please enter the name of the user account that should be added:”, enter new account user name.
      2. For “User should be member of the following group:”, you can leave it as <none>
    4. With your new user account name highlighted in the “Users:” area, check the box next to “Password”, and type in a password in the edit box. Note: The more characters in your password, the more secure it will be. It is also more secure to have a password that is not a word that can be found in a dictionary and has some special characters such as # or !.
    5. For extra security, click “Force SSL for user login” to force encryption of your password. Warning: This will not work if you use the regular Windows FTP client with this server. You’ll need to use another FTP client such as the corresponding Filezilla one in order to have this security.
    6. Setup the directories that this new user will have access to.
      1. Highlight “Shared Folders” under the “Page:” area on the left side of the dialog box.
      2. Now click on “Add” under the shared folders area to add a directory.
      3. In the “Browse for folders” window that comes up, navigate to the desired folder and press OK. This will give the FTP user access to this directory and all sub-directories.
      4. Choose the powers that this user will have (such as add, write, delete) for files and other folders under this directory.
      5. Repeat this for all directories you want to add.
    7. Click “OK” to close the “Users” dialog box.

Next Step

The next step in this tutorial is to go back and continue to remove default usernames and passwords.

15 Comments

  1. Robert L Milleron 03 Dec 2007 at 11:48 am

    Thanks, I have been looking for a tutorial like this for
    a while.

  2. cherylon 04 Dec 2007 at 11:33 am

    Awesome step by step instructions – very thorough and very worthwhile info for remove default users. Thanks!!!!

  3. selvaon 29 Apr 2008 at 12:51 am

    i installed filezilla in xampp…i am using php script how to connect filezilla and php. Should i add any code in php for connect to filezilla.

  4. jumanjion 05 Dec 2008 at 5:59 pm
  5. rcbon 14 Jun 2009 at 5:56 am

    Thanks. I have been looking for the port number….

  6. alexon 30 Jun 2009 at 9:16 am

    Nice tutorial! Thanks!

  7. [...] how do i set up filezilla on XAMPP? Try with the below link hope it will help you. Remove Default Users/Passwords from XAMPP Filezilla FTP Server __________________ QA [...]

  8. Rajat Subhra Chakrabortion 15 Mar 2010 at 3:13 am

    Dear genius, thanks for such a useful tutorial. It’s too good :)

  9. Brian DeShazeron 01 Jan 2011 at 5:18 pm

    Really good, any thoughts on the Mercury Mail Server…setting up basic configuration…changing passwords, etc…

  10. atifon 09 Oct 2011 at 1:52 am

    thanx……..!

  11. Linuson 14 Dec 2011 at 7:53 pm

    Thanks man, a really good tutorial. Helped me alot, thanks!

  12. Jigaron 21 Feb 2012 at 8:47 am

    Hi,

    Is it possible to change the password of current FTP User ?

  13. kamalon 04 Nov 2012 at 10:05 am

    good tutorial

  14. ajiton 30 Nov 2012 at 4:30 am

    In my case Users option in Edit menu is disable.
    How can i fix it?

  15. Rabin Halderon 01 Mar 2013 at 7:08 am

    Thanks you very much for the guide.

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.