Security through obscurity rarely works as well as one would hope. Instead, you run the risk of being hit by an anonymous hacker who found you through a random vulnerability scan. In the old days FTP was the best option for transferring files from your computer to your website. Those days are long over, but many still use FTP, thinking it is the only option. But for real security, you should take a look at SFTP or SCP.
Both transfer methods, SFTP and SCP, use public key encryption to ensure that your data stays safe from prying eyes during transfer. With FTP, your login information is sent in plain text, making it easy for a third party to intercept it. In both alternatives, the “S” stands for “secure”, and that is exactly what you need when you are transferring data.
SFTP (SSH File Transfer Protocol) is run over a secure channel (i.e. SSH – Secure Shell). That means that the login information and data stream are encrypted with whatever technology your server uses (usually OpenSSH).
Limitations and Concerns
Because it uses SSH, you will need an SSH login to use it. Some web hosts are reluctant to give shared hosting users shell access, but they may give you a secure login with the shell disabled. Good hosts will usually give users some type of SSH access upon request. If you have a VPS or dedicated server, you should already have access.
Another possible limitation is that you will need to use an FTP client that supports SFTP. Fortunately, most modern clients do. For example, FileZilla is a cross-platform, free and open source client that supports SFTP and many other protocols.