How to download files over FTP with wget

Automated downloads over FTP with wget streamline data collection from legacy servers, mirror sites, and public archives. Scriptable transfers avoid manual use of graphical FTP clients, integrate cleanly into cron jobs, and work well on headless Linux systems. Consistent commands also make it easier to reproduce and audit file retrieval procedures across multiple hosts.

The wget utility is a non-interactive network downloader that understands HTTP, HTTPS, and FTP URLs. When fetching content over FTP, it opens a control connection on port 21, authenticates with login commands such as USER and PASS, and uses a separate data connection for each file transfer. Options like --user, --password, --recursive, and --no-parent control authentication and directory traversal, enabling both one-off downloads and full directory mirroring.

Plain FTP sends credentials and data in clear text, so usage on untrusted networks can expose passwords and file contents to interception. Sensitive workloads generally benefit from alternatives such as SFTP or FTPS, or from tunneling traffic through a VPN before accessing an FTP service. Before invoking wget for FTP transfers, ensure access to the target host, sufficient disk space in the chosen download directory, and appropriate permissions for any credentials that will be used.

Steps to download files over FTP with wget:

Open a terminal in the directory that should hold the downloaded files.
```
$ mkdir -p ~/downloads
$ cd ~/downloads
$ pwd
/home/ubuntu/downloads
```

Download a single file from an anonymous FTP server with wget using a full URL.

$ wget ftp://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
--2025-12-08 10:15:01--  ftp://ftp.gnu.org/gnu/wget/wget-latest.tar.gz
           => ‘wget-latest.tar.gz’
Resolving ftp.gnu.org (ftp.gnu.org)... 209.51.188.20
Connecting to ftp.gnu.org (ftp.gnu.org)|209.51.188.20|:21... connected.
Logging in as anonymous ... logged in.
##### snipped #####
Saving to: ‘wget-latest.tar.gz’

wget-latest.tar.gz   100%[===================>]   4.4M  2.1MB/s    in 2.1s

2025-12-08 10:15:04 (2.1 MB/s) - ‘wget-latest.tar.gz’ saved [4587392]

Anonymous FTP usually accepts any password string and often prefers an email address for logging purposes.

Download a file from an authenticated FTP server by specifying a username and password for wget.

$ wget --user=ftpuser --password='example-password' ftp://ftp.example.com/private/report.csv
--2025-12-08 10:16:00--  ftp://ftp.example.com/private/report.csv
           => ‘report.csv’
Resolving ftp.example.com (ftp.example.com)... 203.0.113.10
Connecting to ftp.example.com (ftp.example.com)|203.0.113.10|:21... connected.
Logging in as ftpuser ... logged in.
##### snipped #####
Saving to: ‘report.csv’

report.csv           100%[===================>]  32.0K  --.-KB/s    in 0.03s

2025-12-08 10:16:01 (1.0 MB/s) - ‘report.csv’ saved [32768]

Command-line passwords can appear in shell history and process listings, so long-lived FTP credentials should be stored in secure mechanisms such as .netrc or external secret managers instead of --password.

Store FTP credentials in ~/.netrc so wget can authenticate without embedding passwords in the command line.
```
machine ftp.example.com
  login ftpuser
  password example-password
```
Storing credentials in .netrc centralizes authentication for multiple tools but also concentrates sensitive data in a single file that must be protected carefully.
Restrict access to the .netrc file so FTP passwords are not readable by other local users.
```
$ chmod 600 ~/.netrc
$ ls -l ~/.netrc
-rw------- 1 ubuntu ubuntu 86 Dec  8 10:16 /home/ubuntu/.netrc
```
Overly permissive permissions on .netrc can cause tools such as wget to ignore the file and expose passwords to other local accounts.

Mirror an entire remote FTP directory recursively into a local folder while avoiding parent directories.

$ mkdir -p ~/ftp-mirror
$ wget --recursive --no-parent --no-host-directories --cut-dirs=2 --directory-prefix=~/ftp-mirror ftp://ftp.example.com/pub/projects/data/
--2025-12-08 10:17:00--  ftp://ftp.example.com/pub/projects/data/
Resolving ftp.example.com (ftp.example.com)... 203.0.113.10
Connecting to ftp.example.com (ftp.example.com)|203.0.113.10|:21... connected.
Logging in as anonymous ... logged in.
##### snipped #####
Downloaded: 42 files, 2.3M in 3.4s (687 KB/s)

The combination of –recursive and –no-parent keeps traversal within the selected tree, while –directory-prefix and –cut-dirs shape the local directory layout.

Verify that FTP downloads completed successfully by listing the local directory and checking the exit status of wget.
```
$ ls -lh
total 4.5M
drwxr-xr-x 3 ubuntu ubuntu 4.0K Dec  8 10:17 ftp-mirror
-rw-r--r-- 1 ubuntu ubuntu 4.4M Dec  8 10:15 wget-latest.tar.gz
-rw-r--r-- 1 ubuntu ubuntu  32K Dec  8 10:16 report.csv

$ echo $?
0
```
A zero exit code from wget combined with the expected files present in the target directory indicates a successful FTP transfer.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.