Federated learning (FL), collaborating with thousands of participants in a distributed manner, greatly protects the privacy of local data. However, recent research reveals that FL is at risk of privacy leakage attacks. Consequently, a variety of techniques have been applied to address the issue of privacy protection and effective distributed training of FL, such as differential privacy (DP), gradient compression (GC), and homomorphic encryption (HE). However, these techniques are still limited in three aspects, i.e., communication overhead, fidelity, and effectiveness. To address these challenges, we propose FedHiT, a novel privacy protection for FL via hierarchical training. It minimizes the information the curious-but-honest server acquires by employing a hierarchical upload mechanism. FedHiT differs from previous work in the three key aspects: (1) communication - it has low communication overhead since it only uploads partial model parameters to the server iteratively; (2) effectiveness - it can effectively defense various privacy leakage attacks and adaptive attacks; (3) fidelity - it ensures effectiveness while maintaining the model’s accuracy without compromise. Extensive experiments are conducted on three datasets under three attacks, compared with three state-of-the-art baselines, and the results testify that FedHiT outperforms other methods in model accuracy, communication overhead, and privacy protection capacity. For instance, the average model accuracy with FedHiT is only 1.59% lower than that of without any defense (i.e., the fidelity of using FedHiT only lost 1.59%), but its privacy protection ability is 1.4∼2 times that of DP and GC methods with the same fidelity.