FTP setup for Ubuntu 14.04 - vsftpd or proftpd ?

Hi,

I have an Ubuntu 14.04 deployed on my droplet. I’m using it for running multiple websites (one of which is written in core-php and other are Joomla! based). Now, on each website, there are options for visitors to register and submit posts and add attachments to their posts.

While uploading these files, the code uses FTP layer for uploads. I don’t want users to upload files through browser but utilize FTP layer. Although it may look like uploading from browser to a usual user but on backend, the application should utilize FTP for uploads.

Now my questions are:

1. Primary objective to install FTP daemon on m y droplet is to allow file uploads by website visitors over FTP and not through web-browser. Which option is safer and better - vsftpd or proftpd?

2. While FTP is not a recommended solution, is there a way to allow such file uploads on SFTP? If yes, then how can it be achieved through Joomla! and on a core-php code?

3. If I use FTP for uploads, but restrict such FTP requests to my server IP, then would it work? And if it would, then is it a good solution to prevent unauthorized server access through FTP?

4. If I use FTP, then I have to keep port 21 open in UFW. Although I may restrict user access to certain directory (chroot) and also disallow user from any other IP than the server itself, still port 21 is open. How to ensure that no intrusion happens while the port in open?

– Regards Saurabh