After connecting to your server, the next step is making it secure. This guide shows how to secure Ubuntu 24.04 using essential hardening steps like updates, firewall setup, and SSH protection. These changes reduce risk and prepare your VPS for production use.
Why You Must Secure Your VPS Immediately
A fresh VPS is exposed to the internet within seconds. Bots constantly scan servers looking for weak passwords, open ports, and outdated software.
Without basic hardening:
- Unauthorized access attempts increase
- Services can be exploited
- Your server may be compromised quickly
Securing your server early prevents most common attacks.
This is part of our VPS Setup series. See more in VPS Basics & Preparation.
Update System Packages
Start by updating your system to ensure all packages are current.
sudo apt update && sudo apt upgrade -y
This installs security patches and bug fixes.
You should run this regularly to keep your server secure.
Create a Sudo User (If Not Done)
Avoid using root for daily tasks.
If you haven’t created a user yet, follow: How to Add a Sudo User in Ubuntu.
Once created, switch to your user:
su - yourusername
Using a sudo user reduces risk and improves accountability.
Configure a Basic Firewall (UFW)
Ubuntu includes UFW (Uncomplicated Firewall).
Allow essential ports:
sudo ufw allow OpenSSH
Enable the firewall:
sudo ufw enable
Check status:
sudo ufw status
This ensures only required ports are accessible.
Disable Root Login Over SSH
Only do this after adding your sudo user and confirming you can log in with it.
Edit SSH configuration:
sudo nano /etc/ssh/sshd_config
Find:
PermitRootLogin yes
Change to:
PermitRootLogin no
Restart SSH:
sudo systemctl restart ssh
Change Default SSH Port (Optional)
Changing the SSH port reduces automated attacks.
Edit config:
sudo nano /etc/ssh/sshd_config
Find:
#Port 22
Change to:
Port 2222
Restart SSH:
sudo systemctl restart ssh
Also update firewall:
sudo ufw allow 2222
Install Fail2Ban (Basic Protection)
Fail2Ban blocks repeated failed login attempts.
Install:
sudo apt install fail2ban -y
Enable:
sudo systemctl enable fail2ban
Start:
sudo systemctl start fail2ban
Fail2Ban helps prevent brute-force attacks.
Enable Automatic Security Updates (Optional)
You can automate security updates.
Install:
sudo apt install unattended-upgrades -y
Configure:
sudo dpkg-reconfigure unattended-upgrades
This ensures your system stays patched.
Verify Your Setup
Check services:
sudo systemctl status ssh
sudo systemctl status fail2ban
Check firewall:
sudo ufw status
Your server should now be significantly more secure.
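The settings from the SSH and firewall sections can be checked against each other in one pass. The script below is an added example, not part of the original guide: the function names (sshd_value, ufw_allows_port, audit) and the sample text are constructed for illustration, and it flags the case where SSH was moved to a new port but UFW has no matching rule.

```shell
#!/usr/bin/env bash
# Added example: check the SSH and UFW settings from this guide for consistency.
# Inputs are text in the format printed by `sshd -T` and `ufw status`.

# Print the value of an sshd keyword (lower-case) from `sshd -T`-style text.
sshd_value() {  # $1 = config text, $2 = keyword
  printf '%s\n' "$1" | awk -v k="$2" 'tolower($1) == k { print $2; exit }'
}

# Succeed if the `ufw status` text has an ALLOW rule covering port $2.
ufw_allows_port() {  # $1 = ufw status text, $2 = port
  printf '%s\n' "$1" | awk -v p="$2" '
    $2 == "ALLOW" && ($1 == p || $1 == p "/tcp") { ok = 1 }
    $2 == "ALLOW" && $1 == "OpenSSH" && p == 22  { ok = 1 }
    END { exit ok ? 0 : 1 }'
}

# Print one line per finding; return non-zero if any check fails.
audit() {  # $1 = sshd -T text, $2 = ufw status text
  local port root rc=0
  port=$(sshd_value "$1" port); port=${port:-22}   # sshd defaults to port 22
  root=$(sshd_value "$1" permitrootlogin)
  if [ "$root" != "no" ]; then
    echo "FAIL: PermitRootLogin is '${root:-unset}'"; rc=1
  fi
  if ! printf '%s\n' "$2" | grep -q '^Status: active'; then
    echo "FAIL: ufw is not active"; rc=1
  fi
  if ! ufw_allows_port "$2" "$port"; then
    echo "FAIL: no ufw ALLOW rule for SSH port $port"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then echo "OK: root login off, ufw active, port $port allowed"; fi
  return "$rc"
}

# Constructed sample: SSH moved to 2222 but the firewall only allows OpenSSH (22).
SAMPLE_SSHD='port 2222
permitrootlogin no'
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)'

audit "$SAMPLE_SSHD" "$SAMPLE_UFW" || echo "Fix the findings before restarting SSH."
```

On the server, feed it live output with `audit "$(sudo sshd -T)" "$(sudo ufw status)"`, keeping your current SSH session open until it reports OK.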
What to Do Next
After securing your server, you can safely move to:
- Install a control panel like Virtualmin
- Set up Nginx and PHP
- Configure your database
Follow the next guide: How to Change Your Server Hostname before installing software.
Conclusion
Securing your Ubuntu VPS is the most important step after connecting. By updating packages, configuring firewall rules, and protecting SSH access, you reduce the risk of attacks significantly.
If you run into issues or need deeper fixes, start here: VPS Troubleshooting