When you first set up a VPS (Virtual Private Server), it feels exciting to finally have your own hosting environment. But just like moving into a new home, the first thing you should think about isn’t just decorating—it’s locking the doors. Out of the box, most VPS servers are not fully secured, which makes them attractive targets for automated attacks, bots, and malicious users. In this article, we’ll go through some essential steps to secure your VPS right after deployment.
Step 1: Change the Default SSH Port
By default, most servers use port 22 for SSH. Since bots frequently scan this port for brute-force attempts, changing it to a non-standard port (like 2222 or 2345) helps reduce random login attempts. It won’t stop determined attackers, but it’s a good first line of defense.
Step 2: Create a New User and Disable Root Login
Logging in directly as root is risky. Instead, create a new user with sudo privileges. Then, update the SSH configuration to disable root login entirely. This forces attackers to go through an extra layer before even attempting admin access.
Step 3: Set Up a Firewall
A firewall controls which connections can access your server. Tools like UFW (Uncomplicated Firewall) or firewalld let you easily allow only the necessary services (e.g., HTTP, HTTPS, and SSH). Everything else should be blocked by default.
Step 4: Install Fail2Ban
Brute-force login attempts are common. Fail2Ban monitors failed login attempts and temporarily bans IP addresses that show suspicious behavior. This helps protect SSH, FTP, and even web applications like WordPress.
Step 5: Keep Software Updated
Hackers often exploit outdated software. Regularly updating your OS and applications closes vulnerabilities before they can be used against you. A simple apt update && apt upgrade (Debian/Ubuntu) or yum update (CentOS) can make a big difference.
Step 6: Enable Automatic Backups
Security isn’t just about prevention; it’s also about recovery. If something goes wrong, you’ll want backups ready. Set up automated backups through your hosting provider or cPanel, and store copies off-site for extra safety.
Final Thoughts
Securing your VPS isn’t a one-time task—it’s an ongoing responsibility. By following these steps, you’ll create a solid security foundation, making it much harder for attackers to compromise your server.