We are big sticklers for data security. In designing WP Stagecoach, security is one of our main priorities: all aspects of communication between the servers is encrypted, and the file/database transfers from the live site to the WP Stagecoach server are done over SSL-encrypted https. When the plugin displays the the SFTP username and password, it uses an iframe over SSL so that your password doesn’t get shown in clear text.
All staging sites do have a valid https connection, though logging into WordPress over https can be tricky. There are several things that you can do to help make it work. Adding
to the wp-config.php file usually works, but we had enough problems that it is not the default (yet!).
The servers where the staging sites are hosted is set up so that staging sites are in their own “jail” and cannot access other staging sites. This occasionally can generate errors if themes or plugins try to load files outside the user’s staging site. And, while we do concede to popular usage by providing an old-fashioned FTP server, we also provide and highly encourage use of the secure and encrypted SFTP server instead.