For the most part of the websites I am owner of, I normally use Visual Studio to code and test locally, then I publish them to the FTP folder provided from my hosting company.
When I first set that publish up I was asked for the obvious few information needed to complete the process: the FTP address, username and password for login and the publish folder (as it is normal fro the hosting company to use shared resources for low-cost hoisting, they normally use a common FTP with the customers isolated through the use of folders normally named after the domain name).
After starting the publish procedure, I was reminded by Visual Studio that my credentials were transmitted insecurely over the net in plain text.
Of course this rang a warning bell in my head, so I cancel the procedure and thought for a while.
I realized during the setup process I was not asked what authentication method I wanted to use: I normally use FTP Secure protocol when available and, if not available, I think twice about commit myself to a company who is not offering it.
I doubled checked the Visual Studio configuration and I was more than surprised not finding any options for this; a search on Google also proved to be inconclusive.
Then I tried the simplest solution of all that, not surprisingly, worked properly: simply add the ftps: scheme name at the beginning of the address to let Visual Studio to automatically switch to secure connection.
So, to make the long story short, simply replace the connection string that will look like
and Visual Studio will automatically use TLS encryption to connect.
At the first publish attempt, the digital certificate is shown so you can validate the authenticity of the site and you have the option to remember that certificate as valid for that moment on.
At the end of the day I was a little surprised this option was not clearly shown in Visual Studio as it could fool a programmer not familiar enough with security or simply too distracted to notice the lack of it with the standard settings.