I mean the FTP username/password doesn't change, it's always generated using the same parameters. By change I mean periodically (once an hour? every time the user logs into ISPConfig? every time the file manage button is clicked?) a new password would be generated and set for the FTP account, such that the previous credentials (which are embedded in the HTML and quite likely found in your browser's cache) don't work any more.

So if the user enters 'https://my_ispconfig_site:8080/mftp/' in their browser (or the browser auto-fills it from history), mftp will check that the ISPConfig session is no longer active and not allow the user to access the utility? That is possible (in fact I do a similar thing in my example monit proxy config posted here in the forums), but I'm guessing that probably hasn't been done, and you mean that the site_webftp.php script itself doesn't function if the user is not logged in?

That is one piece of it, but directly accessing /mftp/ with the same username/password sent previously is more the scenario I was thinking about.