If you want a user that can only access and modify WordPress directories and files (starting from
/htdocs) within one or more sites (you can control which sites the user can access), you can also try this method using Bindfs: http://community.rtcamp.com/t/setting-up-chroot-sftp-users-for-easyengine-sites-bindfs/8386
For example, here's an SFTP user I created that can only access two out of several EasyEngine sites installed on the server: https://gyazo.com/9628e6a6c6b9bb9eb9c190fc5ea88f31
Take a backup/snapshot of your server before starting. After you've read the thread to understand how it works, setup takes a matter of seconds for each new SFTP user you want to add.
While it says only tested on Ubuntu 14.04, I've since tested it on 16.04 and it works perfectly.
But if you want a user that can navigate around the entire server, then the method above is not for you, and a sudo user added to the
www-data group would perhaps be a better option.