A Simple Guide to Make Your VPS Safer — Even If You're Just Starting Out
Your VPS (Virtual Private Server) is like your home on the internet — and just like a home, it needs locks, fences, and security cameras to stay safe. This guide will walk you through three critical steps to secure your VPS:
- Set up a basic firewall
- Secure SSH access
- Install SSL for HTTPS
Step 1: Set Up a Basic Firewall with UFW (Uncomplicated Firewall)
A firewall controls what kind of traffic can reach your VPS. Let’s use UFW, a beginner-friendly firewall for Ubuntu/Debian systems.
✅ Install UFW
sudo apt update
sudo apt install ufw
✅ Allow SSH (so you don’t lock yourself out)
sudo ufw allow OpenSSH
If you're using a non-standard SSH port (e.g., 2222), allow that too:
sudo ufw allow 2222/tcp
✅ Allow HTTP and HTTPS
sudo ufw allow 80
sudo ufw allow 443
✅ Enable the Firewall
sudo ufw enable
To check status:
sudo ufw status
Only open ports that your app or server needs!
Step 2: Secure SSH Access
SSH is how you remotely access your server. But by default, it’s a bit too open.
✅ Change the Default SSH Port (optional but adds extra protection)
Edit the SSH config file:
sudo nano /etc/ssh/sshd_config
Find and change:
Port 22
To something like:
Port 2222
Make sure the new port is already allowed in UFW (see Step 1) and keep your current session open, then restart SSH:
sudo systemctl restart ssh
✅ Disable Root Login via SSH
Still in /etc/ssh/sshd_config, find:
PermitRootLogin yes
Change to:
PermitRootLogin no
Restart SSH again:
sudo systemctl restart ssh
✅ Use SSH Keys Instead of Passwords
From your local machine, run:
ssh-keygen -t rsa -b 4096
Then copy the key to your VPS:
ssh-copy-id username@your-server-ip
Once you have confirmed that key-based login works in a new session, disable password authentication (optional but recommended):
sudo nano /etc/ssh/sshd_config
Set:
PasswordAuthentication no
Restart SSH:
sudo systemctl restart ssh
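Added example, not part of the original guide: a small shell audit for the PermitRootLogin and PasswordAuthentication edits from Step 2. sshd keeps the first value it reads for each keyword, so a drop-in file read before your edit can leave password login enabled. The file names and contents below are constructed, and the drop-in-first read order is an assumption about your layout (a main file that begins with an Include line).

```shell
# Added example. sshd keeps the FIRST value it reads for a keyword, so pass
# files in the order sshd reads them (drop-ins first; assumed layout).
# effective_value KEYWORD DEFAULT FILE... : first global value, or DEFAULT.
effective_value() {
    kw=$1; def=$2; shift 2
    awk -F'[ \t=]+' -v kw="$kw" -v def="$def" '
        FNR == 1 { in_match = 0 }            # simplification: Match ends at end of file
        { sub(/^[ \t]+/, "") }               # drop indentation, fields are re-split
        $0 == "" || /^#/ { next }            # blank lines and comments
        tolower($1) == "match" { in_match = 1; next }
        !in_match && tolower($1) == tolower(kw) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$@"
}

# check_setting KEYWORD DEFAULT WANT FILE... : prints a line, returns 1 on mismatch.
check_setting() {
    name=$1; dflt=$2; want=$3; shift 3
    got=$(effective_value "$name" "$dflt" "$@")
    if [ "$got" = "$want" ]; then echo "OK   $name $got"; return 0; fi
    echo "WARN $name is '$got', Step 2 sets '$want'"; return 1
}

audit_sshd() {
    rc=0
    check_setting PermitRootLogin prohibit-password no "$@" || rc=1
    check_setting PasswordAuthentication yes no "$@" || rc=1
    return $rc
}

# Constructed sample: a drop-in that re-enables passwords ahead of the main file.
make_sample() {
    mkdir -p "$1/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$1/sshd_config.d/50-provider.conf"
    cat > "$1/sshd_config" <<'EOF'
Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
audit_sshd "$demo"/sshd_config.d/*.conf "$demo/sshd_config" || true
rm -rf "$demo"
```

On a live server, `sudo sshd -T` prints the effective values directly.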
Step 3: Install Free SSL Using Let’s Encrypt (with Certbot)
SSL (HTTPS) encrypts your website traffic. Let’s Encrypt makes it easy and free.
✅ Install Certbot
For Nginx:
sudo apt install certbot python3-certbot-nginx
For Apache:
sudo apt install certbot python3-certbot-apache
✅ Issue an SSL Certificate
sudo certbot --nginx
Or for Apache:
sudo certbot --apache
Follow the prompt and choose to redirect HTTP to HTTPS.
✅ Auto-Renew SSL
Let’s Encrypt certificates expire every 90 days. Check that a renewal timer is scheduled:
sudo systemctl list-timers
Certbot typically installs this timer for you. You can test renewal with:
sudo certbot renew --dry-run
Final Thoughts
Security doesn't have to be scary.
With just a few commands, you've:
✅ Protected your SSH login
✅ Closed unnecessary network doors
✅ Encrypted web traffic with HTTPS
These are must-do steps for anyone hosting websites, APIs, or apps on a VPS — even beginners.
Bonus Tools for Extra Security (Optional)
- Fail2Ban: Automatically blocks brute-force attempts
- ModSecurity: Web application firewall
- Auditd: For logging and monitoring server changes