The Ultimate 10-Step Ubuntu Security Checklist for New VPS Owners

Securing a fresh Ubuntu VPS is the single most important step after deployment. Whether you are using DigitalOcean or Vultr, a brand-new server is exposed to the entire internet within minutes. Automated bots will begin brute-forcing your SSH port almost instantly.

Here is the ultimate 10-step checklist to secure your Ubuntu Server and lock out malicious actors.

1. Update Your System

Before doing anything else, ensure all packages are up to date to patch known vulnerabilities.

apt update && apt upgrade -y

2. Create a Non-Root User

Never run your applications as the root user. Create a new user with sudo privileges.

adduser sysadmin
usermod -aG sudo sysadmin

3. Set Up SSH Key Authentication

Passwords can be brute-forced. SSH keys are mathematically impossible to crack with current technology. Generate a keypair on your local machine and copy the public key to your server.

Once your SSH keys are working, edit the SSH daemon configuration to completely disable root login and password-based access.

nano /etc/ssh/sshd_config
# Set PermitRootLogin no
# Set PasswordAuthentication no
systemctl restart ssh

5. Change the Default SSH Port

Changing the SSH port from 22 to something else (like 2222) stops 99% of automated bot scripts from filling up your auth logs.

6. Configure the UFW Firewall

Ubuntu comes with UFW (Uncomplicated Firewall). Enable it and only allow the ports you explicitly need (like your new SSH port, HTTP, and HTTPS).

ufw allow 2222/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw enable

7. Install Fail2Ban

Fail2Ban monitors your log files and automatically bans IP addresses that show malicious signs, such as too many password failures.

apt install fail2ban -y
systemctl enable fail2ban
systemctl start fail2ban

8. Enable Automatic Security Updates

Keep your server secure without manual intervention by enabling unattended upgrades.

apt install unattended-upgrades -y
dpkg-reconfigure -plow unattended-upgrades

9. Secure Shared Memory

Many exploits use shared memory. Secure it by modifying your fstab file to mount it as read-only and restrict execution.

10. Install a Rootkit Scanner

Finally, install rkhunter or chkrootkit to scan your server periodically for hidden malware.

apt install rkhunter -y
rkhunter --checkall

Ready to deploy your secure server?
Grab Free Credit on DigitalOcean or Free Credit on Vultr to start building.

News

Company:

Join our community of SUBSCRIBERS and be part of the conversation.

The Ultimate 10-Step Ubuntu Security Checklist for New VPS Owners

1. Update Your System

2. Create a Non-Root User

3. Set Up SSH Key Authentication

5. Change the Default SSH Port

6. Configure the UFW Firewall

7. Install Fail2Ban

8. Enable Automatic Security Updates

9. Secure Shared Memory

10. Install a Rootkit Scanner

Table of contents [hide]

Top Cheap Cloud Storage Solutions for 2026

Understanding Cloud Infrastructure vs Bare Metal

Deploying Modern Web Apps on Railway

The Best Cheap Cloud Hosting for WordPress

Securing Your WordPress wp-admin Dashboard

Local News

Top Cheap Cloud Storage Solutions for 2026

Understanding Cloud Infrastructure vs Bare Metal

Deploying Modern Web Apps on Railway

The Best Cheap Cloud Hosting for WordPress

Top Cheap Cloud Storage Solutions for 2026

Understanding Cloud Infrastructure vs Bare Metal

Deploying Modern Web Apps on Railway

News

Company:

Join our community of SUBSCRIBERS and be part of the conversation.

The Ultimate 10-Step Ubuntu Security Checklist for New VPS Owners

1. Update Your System

2. Create a Non-Root User

3. Set Up SSH Key Authentication

4. Disable Root Login & Password Authentication

5. Change the Default SSH Port

6. Configure the UFW Firewall

7. Install Fail2Ban

8. Enable Automatic Security Updates

9. Secure Shared Memory

10. Install a Rootkit Scanner

Table of contents [hide]

Local News