“Ultimate Guide to Securing Your Website with VPS Setup and Security Measures”
Congratulations on purchasing a new VPS plan! Setting up a VPS can be a bit daunting, but with the right guidance, it can be done smoothly. In this blog post, we will cover the complete setup of a VPS, including all the security measures you should take.
Step 1: Access Your VPS
After signing up for a VPS plan, your hosting provider will send you an email with the login credentials to access your VPS. You can log in using an SSH client like PuTTY (for Windows) or the terminal (for macOS and Linux) by entering the following command:
Replace [username] with your VPS username, which is usually “root,” and [IPaddress] with your VPS’s IP address.
Create a SUDO User
As mentioned above, the username is usually ‘root’ and everybody knows that, now you know too. So, Creating a sudo user is a good practice to improve the security of your VPS by limiting root access. Here are the steps to create a sudo user on a Linux-based VPS:
Log in to your VPS using the root account via SSH.
Run the following command to add a new user:
Replace [username] with the desired username for your new user. Follow the prompts to set a password and other information for the new user.
- Run the following command to add the new user to the sudo group:
usermod -aG sudo [username]
Replace [username] with the username of the new user that you just created.
- To verify that the new user has sudo privileges, you can run:
sudo -l -U [username]
This command will list all the commands that the new user can execute with sudo privileges.
That’s it! You have successfully created a new user with sudo privileges. You can now use this new user account to perform administrative tasks on your VPS instead of using the root account.
Limiting root access
It’s an essential security measure that can prevent unauthorized access to your VPS. Here’s how you can limit root access on a Linux-based VPS:
Login to your VPS using the root account via SSH. (we are still logged in, so it’s ok)
Edit the SSH configuration file by running the following command:
sudo nano /etc/ssh/sshd_config
Find the line that says “PermitRootLogin yes” and change it to “PermitRootLogin no“.
Save the file and exit.
Restart the SSH service with the following command:
sudo service sshd restart
Now, root SSH logins will be disabled, and only users with sudo access can log in and perform administrative tasks on your VPS.
In addition to disabling root SSH logins, you should also create a new user with sudo privileges (as described in the previous section), and only use that user to perform administrative tasks on your VPS. This helps prevent unauthorized access to your VPS by limiting the number of users with administrative access.
Step 2: Set up Firewall
Setting up a firewall is the first step securing your VPS after creating a SUDO user. We will be using UFW (Uncomplicated Firewall), a user-friendly interface for managing firewall rules. First, we need to check if UFW is installed by entering the following command:
sudo ufw status
If it is not installed, we can install it by entering the following command:
sudo apt-get install ufw
Once UFW is installed, we can set up some basic firewall rules:
sudo ufw allow OpenSSH
sudo ufw enable
The first command allows incoming SSH traffic, and the second command enables the firewall. You can check the status of the firewall by entering:
sudo ufw status
Step 3: Install and Configure SSH
SSH (Secure Shell) is a protocol used to securely connect to a remote server, and it is essential to secure your VPS. We can install SSH by entering the following command:
sudo apt-get install openssh-server
By default, SSH uses port 22, which is a target for hackers. We can change the default SSH port to a custom port by editing the configuration file:
sudo nano /etc/ssh/sshd_config
Locate the line that says “Port 22” and change it to a custom port number (e.g., Port 2222). Save the file by pressing Ctrl+X, then Y, then Enter.
From then we have to login to our SSH mentioning the port number too let’s say we changed our port number to ‘2222’ so from now on whenever we need to login to our server via SSH we need to type:
ssh [username]@[IPaddress] -p 2222
Obviously you wont be using ‘2222’ so you need to change the port number to your own port number.
We can also use key-based authentication to secure our SSH connection. First, we need to generate an SSH key pair on our local machine:
ssh-keygen -t rsa
This will create two files: id_rsa (the private key) and id_rsa.pub (the public key). We need to copy the public key to our VPS:
ssh-copy-id -i ~/.ssh/id_rsa.pub [username]@[IPaddress]
Replace [username] with your VPS username and [IPaddress] with your VPS’s IP address. Now you can log in securely using your SSH key pair.
Step 4: Update Your OS and Software
It is essential to keep your VPS’s operating system and software up to date to ensure security and stability. You can update your packages by entering the following commands:
sudo apt-get update
sudo apt-get upgrade
Step 5: Install Security Tools
We can install some security tools to further secure our VPS. First, we need to install fail2ban, a tool that automatically bans IP addresses that attempt to perform malicious actions on our VPS:
sudo apt-get install fail2ban
Next, we can install ClamAV, a virus scanner that helps detect and remove malware:
sudo apt-get install clamav
sudo systemctl enable clamav-freshclam
We can also set up automatic virus scans by creating a cron job:
sudo nano /etc/cron.weekly/scan.sh
Enter the following commands in the file:
Run a weekly virus scan
sudo clamscan -r /
Save the file by pressing Ctrl+X, then Y, then Enter. Make it executable using the following command:
sudo chmod +x /etc/cron.weekly/scan.sh
Step 6: Secure Your Web Server
If you are running a web server, you should secure it by installing an SSL Certificate and using HTTPS. We can use Let’s Encrypt, a free SSL Certificate provider, to secure our web server. First, we need to install Certbot, the official Let’s Encrypt client:
sudo apt-get install certbot
Next, we can run Certbot and obtain an SSL Certificate:
sudo certbot certonly --standalone -d [yourdomain.com]
Replace [yourdomain.com] with your actual domain name. Follow the prompts to complete the SSL Certificate installation.
We also need to configure our web server to use HTTPS instead of HTTP. If you are using Apache, you can enable HTTPS by entering the following command:
sudo a2enmod ssl
Then, edit the Apache configuration file:
sudo nano /etc/apache2/sites-available/default-ssl.conf
Add the following lines inside the <VirtualHost> tags:
Replace [yourdomain.com] with your actual domain name. Save the file and restart Apache:
sudo systemctl restart apache2
Step 7: Backup Your Data
Finally, we need to back up our VPS data to an offsite location in case of data loss or corruption. You can use the rsync command to backup your data to another server:
sudo rsync -avzh --progress [localdirectory] [username]@[IPaddress]:/[remotedirectory]
Replace [localdirectory] with the directory you want to back up, [username] with the remote server username, [IPaddress] with the remote server’s [IP address], and [remotedirectory] with the remote directory you want to backup to.
In conclusion, setting up a VPS can be done quickly and securely by following the steps above. Remember to always prioritize security, keep your software updated, and regularly back up your data. With these security measures in place, you can enjoy a smooth and secure VPS experience.