A default VPS is vulnerable if you leave root login open with a password. The goal is to reduce attack surface and limit access.
1. Create a new admin user

Create a new user and grant admin privileges (sudo). This is safer than using root for daily tasks.
2. Enable SSH key authentication (recommended)

SSH keys are much harder to brute-force than passwords. Generate a key on your computer, add the public key to your VPS, then test login.
3. Disable root SSH login (after confirming your new user works)

Once you can log in using the new user + SSH key, disable direct root login over SSH.
4. Change the default SSH port (optional)

This won’t secure the server by itself, but it reduces noise from automated scans.
5. Enable a firewall

Allow only the ports you need:
  • SSH (your chosen port)
  • HTTP (80) and HTTPS (443) if you host websites
  • Any app-specific ports you actually use
6. Add brute-force protection

Tools like fail2ban can block repeated failed logins automatically.
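
One way to check the SSH-related steps (2 to 4) after editing the server's configuration, as an added example that is not part of the original guide. The function names `audit_sshd_config` and `write_samples`, the WARN on password authentication, and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit sshd settings against steps 2-4 of the guide.
# sshd keeps the FIRST value it reads for most keywords (case-insensitive);
# Port may repeat and every listed port is opened. Lines after a "Match" are
# conditional, so parsing stops there. "Keyword=value" syntax is not handled.
audit_sshd_config() {   # $1 = config file; returns 1 if any FAIL is reported
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blank lines
        { key = tolower($1) }
        key == "match" { exit }                 # jumps to END
        key == "port" { ports = ports (ports == "" ? "" : ",") $2
                        if ($2 == "22") p22 = 1 }
        !(key in first) { first[key] = tolower($2) }
        END {
            # Fall back to OpenSSH defaults when a keyword is absent.
            root = ("permitrootlogin" in first) ? first["permitrootlogin"] : "prohibit-password"
            pass = ("passwordauthentication" in first) ? first["passwordauthentication"] : "yes"
            if (ports == "") { ports = "22"; p22 = 1 }
            fail = (root != "no")               # step 3 is the only hard failure
            printf "%-4s PermitRootLogin=%s\n", (fail ? "FAIL" : "OK"), root
            printf "%-4s PasswordAuthentication=%s\n", (pass != "no" ? "WARN" : "OK"), pass
            printf "%-4s Port=%s\n", (p22 ? "INFO" : "OK"), ports
            exit fail
        }
    ' "$1"
}

# Constructed sample files, not taken from a real server.
write_samples() {   # $1 = directory to write into
    printf '%s\n' 'Port 22' 'PermitRootLogin yes' 'PasswordAuthentication yes' \
        > "$1/weak.conf"
    printf '%s\n' '# hardened' 'Port 2222' 'permitrootlogin no' 'PermitRootLogin yes' \
        'PasswordAuthentication no' 'Match User deploy' '    PasswordAuthentication yes' \
        > "$1/hardened.conf"
}

dir=$(mktemp -d)
write_samples "$dir"
for f in weak hardened; do
    echo "== $f.conf"
    audit_sshd_config "$dir/$f.conf" || echo "-> root SSH login is still possible"
done
rm -rf "$dir"
```

On a real server, feed the function the effective configuration printed by `sshd -T` (run as root) rather than the raw file, so that settings pulled in through `Include` are also covered.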