Retrieve saved password in FileZilla

Many web masters use FileZilla as their FTP client to upload web pages to server or download website files to computer. It takes only a brief moment to connect FTP server with FileZilla and very easy to use. To easily access our FTP server, we may set FileZilla to remember our password so we don’t have to remember the password or type in the password every time we connect the FTP server. For some reason we may need to see the password stored in FileZilla. For example, you may need to connect to the server using a new FTP client. You can’t view the saved in FileZilla Site Manager directly. We can export the Site Manager entries to computer as XML file first. Open this file using Notepad or any text editor and find the encoded FTP passwords. Then decode or decrypt the password using a third-party service. Check out details below.

Note that we use FileZilla for Windows in the demo. If you use FileZilla on Mac, you may see slight difference in appearance.

Open FileZilla on your computer. Click File > Export.

filezilla ftp client export

Then choose ‘Export Site Manager entries‘ > OK.

filezilla ftp client export site manager entries

Save the file to your desktop or other folder you prefer. Open the saved XML file using Notepad, or other compatible software on your PC. Find the FTP server entry which you like to view its password. The Host and User will be saved as plain text. Between the <pass> and </pass>, you will see the FTP password. It is not saved in plain text. FileZilla used to save FTP password as plain text, but not any more. It is encrypted with the Base64 encoding.

<Pass encoding="base64"> khdHRQkhSLWQkhJlQ==</Pass>

We can however use a free online service to decode it correctly. For example, we can go to , copy and paste the encrypted password there and click decode, then the password will be decrypted.

If you found the FTP password was encoded by “crypt” followed by a pubkey in the <pass> and </pass> entry, it means you have saved the FTP passwords and protected them by a master password. In this case, you can’t decrypt it.

Leave a Reply