SSH Secure Shell Explained for Website Owners

Most hosting control panels let you manage your site by clicking buttons. SSH skips the buttons entirely. It gives you a direct, encrypted line to your server where you type commands and the server responds. No graphical interface, no middleman.

That sounds intimidating if you’ve never used it. Once you have, you’ll wonder how you managed without it.

What SSH stands for

SSH stands for Secure Shell. The name tells you two things. It’s secure, because the entire connection is encrypted. And it gives you a shell, which is a command line environment where you interact with the server directly by typing instructions.

The original way to remotely access servers was a protocol called Telnet. Telnet worked, but it sent everything in plain text. Your username, your password, every command you typed, all of it travelled across the network in a format anyone could read if they intercepted the connection. SSH replaced Telnet by encrypting everything end to end.

How SSH works

When you connect to a server via SSH, your client and the server go through a handshake process. They negotiate an encryption method, verify each other’s identity, and establish a secure channel. After that, every byte of data travelling between your computer and the server is encrypted.

The server has what’s called a host key. This is a unique identifier. The first time you connect, your SSH client saves that key. If the key ever changes unexpectedly on a future connection, your client warns you. That warning matters. It could mean someone is intercepting your traffic.

Authentication: passwords and SSH keys

There are two ways to prove your identity when logging in via SSH.

Password authentication is the simpler option. You type your username and password. The downside is that passwords can be guessed through brute force attacks if your server allows unlimited attempts.

SSH key pairs are more secure and more convenient once set up. You generate two mathematically linked keys: a private key that stays on your computer and a public key that you copy to the server. When you connect, the server checks that your private key matches the public key it has on file. No password needed, and no brute force attack is possible because there is no password to guess.

Most experienced server administrators use SSH keys. Many security guides recommend disabling password authentication entirely once keys are configured.

What you can do with SSH

The honest answer is almost anything. SSH gives you the same level of access to the server that you’d have if you were physically sitting in front of it. What that means in practice depends on your use case.

File management. You can create, move, copy, rename, and delete files and directories without going through a file manager in your control panel.

Running scripts. If you have a PHP script, a Python script, or a shell script, you can run it directly. Useful for maintenance tasks, database imports, or bulk operations.

Installing and updating software. On a VPS or dedicated server, SSH lets you install new packages, update existing ones, and configure services.

Database management. You can connect directly to MySQL or MariaDB, run queries, import large SQL files, and manage users without relying on phpMyAdmin.

WordPress management with WP-CLI. WP-CLI is a command line tool for WordPress. Via SSH, you can update plugins, run database searches and replacements, manage users, and perform site migrations far faster than doing it through the dashboard.

Log files. Server logs often contain useful diagnostic information. SSH lets you read them, search them, and monitor them in real time.

Cron jobs. You can set up and test scheduled tasks directly on the server without going through your control panel.

Which hosting plans include SSH access

Not all of them. This is worth checking before you sign up.

Shared hosting sometimes includes SSH and sometimes restricts it. Budget shared plans often disable SSH because giving command line access to hundreds of users on the same server creates security risks if any of those users do something careless. Some providers offer SSH on higher tier shared plans.

VPS hosting almost always includes full SSH access. This is one of the main selling points of VPS over shared.

Managed WordPress hosting varies. Hosts like Kinsta and WP Engine offer SSH. Some managed hosts lock it down to protect their stack.

Dedicated servers always include SSH. You have the whole machine, so there’s no reason to restrict access.

If SSH access matters to you, check explicitly before you buy. Look for “SSH access” or “shell access” in the plan comparison table.

How to connect via SSH

You need three things: the server’s IP address or hostname, your username, and either your password or SSH key.

On Mac and Linux, SSH is built in. Open Terminal and type:

ssh username@your-server-ip

If you’re using an SSH key, add the path to it:

ssh -i /path/to/private-key username@your-server-ip

On Windows, SSH has been built into the command prompt since Windows 10. For older versions, PuTTY is the most widely used client.

Your hosting control panel will usually tell you the correct hostname and username to use. On cPanel hosts, the username is typically your cPanel username. On VPS, it’s usually “root” for initial setup, though best practice is to create a separate non-root user for day to day work.

The difference between SSH and SFTP

People sometimes confuse these because they use the same underlying protocol.

SSH gives you a command line shell where you type and run commands.

SFTP (Secure File Transfer Protocol) uses the SSH protocol but specifically for transferring files. Instead of a shell, you get a file transfer session where you can upload and download. SFTP clients like FileZilla or Cyberduck connect over SFTP to give you a drag and drop file interface.

Both are secure. Both use SSH encryption. The difference is what you’re doing: running commands versus moving files.

SSH port numbers

SSH uses port 22 by default. Some server administrators change this to a non-standard port as a basic security measure against automated bots that scan for open SSH ports. If your host has changed the SSH port, they’ll tell you what it is. In your connection command, you specify the port with the -p flag:

ssh -p 2222 username@your-server-ip

Hardening SSH security

If your server is accessible via SSH, there are a few things worth doing.

Use SSH keys instead of passwords. As mentioned above, keys eliminate the risk of brute force attacks.

Disable root login. Logging in as root directly over SSH is risky because root has unlimited permissions. Create a separate user with sudo access and disable root SSH login in your server configuration.

Use fail2ban or similar. This software monitors login attempts and temporarily bans IP addresses after repeated failures. It’s not foolproof but it cuts down automated attack noise significantly.

Keep your SSH client updated. Vulnerabilities in SSH implementations do get found and patched. Running an old version is an unnecessary risk.

Do you actually need SSH?

For a standard WordPress site on shared or managed hosting, you might never touch SSH. Your control panel and WordPress dashboard handle most things. That’s fine.

The moment you start needing SSH is usually the moment something breaks in a way the dashboard can’t fix, or when you want to do something at scale that would take hours clicking through an interface.

If you’re on a VPS, learning a handful of basic SSH commands is worth the hour it takes. It removes a whole class of problems you’d otherwise be stuck googling and clicking around to solve.

Frequently Asked Questions

Is SSH safe to use? Yes. SSH encrypts everything end to end and is the standard secure way to access servers remotely. Plain Telnet is not safe. SSH is.

What’s the difference between SSH and SSL? They solve different problems. SSH is for securely connecting to and controlling a server via command line. SSL/TLS is for encrypting data in transit between a website and a visitor’s browser. Both use encryption, but they’re completely separate protocols for different purposes.

Can I use SSH on shared hosting? Sometimes. It depends on the host and the plan. Many shared hosts restrict SSH or only include it on higher tier plans. Check the plan features before buying.

What if I’ve never used command line before? Start with the basics: ls lists files, cd changes directories, pwd shows where you are. There are plenty of beginner SSH guides online. The learning curve is real but not steep. Once you have ten or fifteen commands memorised, you’ll cover 90% of what most website owners ever need SSH for.