Encrypt Passwords Stored in FileZilla Settings with AES-256

FileZilla is a widely used FTP client application available for many popular platforms including Windows and Linux. Even though it has all the features that you can hope for in an FTP client and supports connecting to FTP servers over very secure connections using TLS, it lacks the features to password protect or encrypt the saved login credentials. Earlier FileZilla used to save FTP server credentials in plain-text without any attempt to hide or encrypt them. In the newer versions, FileZilla is using base-64 encryption to obfuscate the passwords which can be easily decrypted without any password.

If you want to encrypt the FTP server login credentials stored by FileZilla, then you can use AES Crypt and a batch file. Here is how:

  1. Download AES Crypt from https://www.aescrypt.com/download/. Download the console version for 32-bit version of Windows.
  2. Extract aescrypt.exe from the downloaded ZIP file and place it inside a folder.
  3. Download filezilla-password-aes256.zip and extract start-filezilla.bat in the same folder that contains aescrypt.exe.FileZilla Encrypt Stored Credentials
  4. Open the batch script in Notepad (right-click on the batch script and choose Edit) and change the password used for encrypting and decrypting (OihksReX). You also might have to change the location of “filezilla.exe” and FileZilla settings folders.
  5. After properly editing the batch script, you can double-click on start-filezilla.bat. It will encrypt your existing FileZilla configuration files containing your FTP login credentials. Whenever you want to launch FileZilla, you can double-click on start-filezilla.bat from now on.FileZilla Encrypt Stored Credentials

Using AES Crypt for encrypting FileZilla configuration files ensures that all of your stored credentials are encrypted using very strong cipher. Now if a malicious application or a potential hacker tries to steal your FileZilla credentials, they won’t really get anything. If someone launches FileZilla from its usual shortcuts, then they won’t get anything either but an empty Site Manager file. At the same time, you would be able to use all the saved credentials using the batch-script whenever you want.