Securing your VPS is essential to protect data, applications, and uptime. While these steps apply broadly, we’ll use Ubuntu as an example for commands.
Outdated software is the easiest way in for attackers.
Actionable steps (Ubuntu example):
1sudo apt update && sudo apt upgrade -y 2sudo apt install unattended-upgrades -y 3
Automatic updates ensure critical security patches are applied without manual intervention.
SSH is the main access point for your server and should be locked down.
Best practices:
/etc/ssh/sshd_config:PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
2022:Port 2022
Real-world: SSH keys + port change + root disabled blocks 99% of automated attacks immediately.
Lock down which ports your server accepts connections on.
Example (Ubuntu + ufw):
1sudo apt install ufw -y 2sudo ufw default deny incoming 3sudo ufw default allow outgoing 4sudo ufw allow 2022/tcp # SSH 5sudo ufw allow 80/tcp # HTTP 6sudo ufw allow 443/tcp # HTTPS 7sudo ufw enable 8sudo ufw status
Only open what’s necessary. Keep everything else blocked.
Each service you don’t use is an attack surface.
Actionable steps:
1systemctl list-units --type=service --state=running
1sudo systemctl disable --now service_name
1sudo apt purge package_name -y
Limit privileges and remove shared accounts.
Guidelines:
1sudo adduser alice 2sudo usermod -aG sudo alice
1sudo userdel olduser 2sudo passwd -l root
sudo for administrative tasks.For high-value servers:
Direct and practical:
Consistently applying updates, SSH key access, minimal services, and monitoring keeps your VPS secure and reliable.