Purchasing a VPS server is a step toward better performance, stronger security, and full control over your server. However, simply buying a server is not enough; it must be properly secured and configured to run the required tasks. What you do after the purchase plays a crucial role in creating a secure, fast, and stable VPS setup.
The first step after purchasing a VPS server is to log in to it. For Linux VPS users, this is typically done via SSH, while Windows VPS users connect via Remote Desktop Protocol (RDP).
In this comprehensive tutorial, we will walk you through the 5 most important steps to take after purchasing a VPS hosting service.
Update the packages
Linux VPS users should update all system packages to ensure they receive the latest security patches and fixes. Out-of-date packages are the number one easy attack vector.
Ubuntu/Debian:
sudo apt update && sudo apt upgrade -y
CentOS/AlmaLinux:
sudo dnf update -y
Similarly, Windows VPS users should install any pending Windows updates to keep their systems protected.
Set up a firewall for security
A firewall serves as the first line of defense for your Virtual Private Server, especially for Linux-based ones. After purchasing a VPS server, it is essential to configure a firewall that blocks unauthorized access while allowing only the necessary ports.
Typically, you would enable ports for services such as SSH, HTTP, HTTPS, or RDP and block all others. This helps reduce the risk of brute-force attacks and unwanted traffic.
Even a basic firewall setup can significantly improve your VPS's overall security.
Change default SSH port
Changing the default SSH port is important because most automated attacks focus on commonly used ports. Using the default port makes your VPS an easy target for brute-force attempts and unauthorized access.
Switching to a non-default SSH port helps reduce the number of malicious login attempts, decreases unnecessary server load, and adds an extra layer of protection. While it's not a complete security solution on its own, it helps reduce the risk of attacks and improve overall server security.
Create a non-root user
Using the root or administrator account for everyday tasks creates security risks. A better approach after setting up your VPS is to create a new user account with limited privileges and use it for tasks that do not require the root user. This adds an extra layer of protection. Even if someone gains access to your regular user account, they won't have full control over the server.
To create a new user on Linux VPS:
sudo adduser new_user_name
To add the user to the sudo/wheel group, which permits them to execute commands with elevated root privileges:
sudo usermod -aG sudo new_user_name   # Debian/Ubuntu
sudo usermod -aG wheel new_user_name  # CentOS
Install fail2ban (auto-block attackers) for Linux
Fail2Ban is a lightweight security tool that helps protect your server from brute-force attacks. It monitors log files (such as SSH, FTP, or web server logs) and automatically blocks IP addresses that exhibit suspicious behavior—such as repeated failed login attempts. When an IP address exceeds a defined limit, Fail2Ban adds a temporary or permanent firewall rule to block it.
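The counting rule described above, as an added example (not Fail2Ban's own code and not part of the original tutorial): a shell function that reads sshd log lines and lists source addresses with more failed logins than a limit. The log lines are constructed samples using documentation addresses, and `sample_log` and `find_offenders` are hypothetical names.

```shell
#!/bin/sh
# Added illustration of the "too many failed logins from one IP" rule.
# It only counts and reports; it does not touch the firewall.

# Constructed sample of sshd lines as found in /var/log/auth.log.
sample_log() {
cat <<'EOF'
Jan 10 03:14:01 vps sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:14:03 vps sshd[811]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:14:06 vps sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 10 03:14:09 vps sshd[815]: Failed password for invalid user backup admin from 203.0.113.7 port 40131 ssh2
Jan 10 03:15:10 vps sshd[820]: Failed password for deploy from 198.51.100.23 port 51514 ssh2
Jan 10 03:15:40 vps sshd[822]: Accepted password for deploy from 198.51.100.23 port 51520 ssh2
Jan 10 03:16:02 vps sshd[830]: Failed password for invalid user test from 192.0.2.44 port 33218 ssh2
Jan 10 03:16:05 vps sshd[830]: Failed password for invalid user test from 192.0.2.44 port 33218 ssh2
EOF
}

# find_offenders LIMIT
# Reads log lines on stdin and prints "IP COUNT" for every address whose
# number of failed password attempts exceeds LIMIT, sorted by address.
find_offenders() {
  awk -v limit="$1" '
    # Only failed sshd password attempts count; "Accepted" lines are ignored.
    /sshd\[[0-9]+\]: Failed password for / && NF >= 5 {
      # A user name is client-supplied and may contain spaces, so the
      # address is located from the END of the line:
      #   ... from <ip> port <n> ssh2
      if ($(NF-4) == "from" && $(NF-2) == "port")
        fails[$(NF-3)]++
    }
    END {
      for (ip in fails)
        if (fails[ip] > limit + 0)
          print ip, fails[ip]
    }
  ' | sort
}

# Stand-alone run: addresses with more than 3 failures in the sample.
sample_log | find_offenders 3
```

On a real server the input would be the SSH authentication log instead of `sample_log`; Fail2Ban additionally applies a time window and creates the firewall rule itself.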
