You can never be too careful when it comes to your VPS security. With hackers, malware, and ransomware lurking around the corner, it's essential to take whatever precautions you can. While there is no such thing as a 100% secure Windows VPS, there are ways to ramp up security without too much effort.
Though knowing just what to do and where to start can be a little intimidating at first, once you get the basics down it will be easier than you'd think. That is the purpose of this post. Here we will go over five easy ways to get your Windows server in shape, and you'll be much better equipped to make the right calls once you're through.
5 Easy-to-Use Tricks for Securing your Windows VPS
As I promised before, I will cover five easy ways to make your Windows VPS more secure. By using these tricks, you can secure your Windows VPS well enough to make it really hard for the average hacker to break through.
There are different ways we can approach this. Some of my colleagues even suggested enabling Two-Factor Authentication. True, it's an important security measure but only for your Microsoft account, relating to a secure Windows VPS only indirectly. Here, I will focus on the more direct methods: from getting rid of the default admin account to choosing a complex and lengthy password and restricting the remote desktop connection. So, without any delays, here are the 5 easy steps to a more secure Windows VPS.
1. Get Rid of the Default Administrator Account
Your usual Windows VPS plan comes with a default Administrator account already set up. While that's very useful when first installing the operating system, it can prove a liability soon enough. The problem, of course, is automatic brute-force attacks that basically try to guess your username-password combination over and over again. That's much easier when they already know one username: the default "Administrator" account, of course. There are different ways to get rid of this vulnerability, the easiest and the most fireproof being to simply disable the default Administrator account.
The exact way to do it is slightly different for different Windows versions, but there are certain core similarities. Here we'll look at the exact steps you need to take to disable the default Administrator account in Windows Server 2019.
Step 1
Open Server Manager from the Start screen. From Tools, select Computer Management. So basically:
Server Manager → Tools → Computer Management
Step 2
In order to be able to disable the Administrator account, you first need to create another account with administrator privileges. For that, you need to:
From the Local Users and Groups menu, select Users. Right-click the list of users and choose New User.
Step 3
Now you need a good username for this new account because this will serve as your new administrator-level account. It's best you refrain from using obvious names like "admin" or "root" and instead use proper names or string-number combinations.
In case we're setting up an account for our own company, a good example would be: "routerhosting-admin-0" or "rtrhst123". You also need to set a strong password and confirm it. Later on, we will explain what makes a good password, so for now, make sure it's an alphanumeric combination and at least 8 characters long.
You must also select "Password Never Expires" and make sure the "Account is Disabled" option is not selected (this is the option we'll use to disable "Administrator" later).
Step 4
Now it is imperative that you add this account to the Administrators group or else you won't be able to disable the default account. Go to Groups under Local Users and Groups and select Administrators:
Computer Management → Local Users and Groups → Groups → Administrators
Step 5
Now just add the newly created account through the properties menu of the Administrators group. Once that is done, we can move on to the final phase of the mission.
Step 6
Now we're finally ready to get rid of that default administrator account for good. First, you must sign out, since you are going to disable it and you can't do that while still signed in. Once signed out, log in with the newly created account using the password you chose.
Step 7
Now that you're signed in, it's back to the Computer Management tool for the last time. Go to:
Server Manager → Tools → Computer Management → Local Users and Groups → Users
Now right-click on Administrator and select Properties. Finally, select the "Account is Disabled" option from the properties.
Et voilà, you have disabled the default Administrator account, taking the first step to a secure Windows VPS. Now hackers and brute-force bots must work twice as hard to log in to your server and that is a definite win. Let's get some more wins by going through the other methods of securing your Windows VPS.
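The same seven steps can be scripted from an elevated PowerShell prompt. This is an added example, not part of the original walkthrough; the account name is a hypothetical placeholder, and the script refuses to disable the built-in account until the replacement is confirmed to be an enabled administrator.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
$NewAdminName = 'rtrhst-ops-01'   # hypothetical name; choose your own

# The built-in Administrator keeps a SID ending in -500 even if it was renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
# S-1-5-32-544 is the well-known SID of the local Administrators group.
$adminGroup = Get-LocalGroup -SID 'S-1-5-32-544'

# Steps 2-3: create the replacement account. The password is typed at the
# prompt so it never appears in the script or in command history.
if (-not (Get-LocalUser -Name $NewAdminName -ErrorAction SilentlyContinue)) {
    $password = Read-Host -AsSecureString "Password for $NewAdminName"
    New-LocalUser -Name $NewAdminName -Password $password -PasswordNeverExpires |
        Out-Null
}
$new = Get-LocalUser -Name $NewAdminName

# Steps 4-5: add it to Administrators unless it is already a member.
function Test-IsLocalAdmin($User) {
    [bool](Get-LocalGroupMember -Group $adminGroup |
        Where-Object { $_.SID.Value -eq $User.SID.Value })
}
if (-not (Test-IsLocalAdmin $new)) {
    Add-LocalGroupMember -Group $adminGroup -Member $new
}

# Steps 6-7: disable the built-in account only after confirming the
# replacement is enabled and an administrator, and that this session is not
# the built-in account itself (the article has you sign in as the new one).
$me = [Security.Principal.WindowsIdentity]::GetCurrent().User.Value
if (-not $new.Enabled -or -not (Test-IsLocalAdmin $new)) {
    throw "$NewAdminName is not a working administrator; nothing was disabled."
}
if ($me -eq $builtin.SID.Value) {
    throw "Sign out and sign in as $NewAdminName before disabling Administrator."
}
Disable-LocalUser -SID $builtin.SID
Get-LocalUser -SID $builtin.SID | Select-Object Name, Enabled, SID
```

Run it once as the built-in account to create the replacement (it stops at the sign-in check), then run it again while signed in as the new account to perform the disable.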
2. Choose a Strong Password for Your New Administrator Account
Now that you have done away with the security risk posed by the default administrator account, you need to make sure your new one is safe by choosing a strong password. There have been many great articles on how to create good passwords and it never hurts to improve your knowledge of what makes or breaks a password, or your VPS, in this case!
There are some basic tips, however, that can help you strengthen your passwords considerably. One is the password's length. With passwords, the longer the better (you have to actually be able to memorize it though, so don't get carried away). A 10-character long password is a good place to start and if you use a combination of lowercase and uppercase letters and numbers and avoid dictionary words, then your Windows VPS gets much more secure.
3. Change the Default Port for Remote Desktop Connections
The most common way of accessing your Windows VPS is by using Remote Desktop. That is a Windows feature that, as its name suggests, allows you to connect to your desktop remotely. Remote Desktop, like other remote access software, listens on a default port for its connections: 3389.
This is a widely known fact and hackers and malware will exploit that to gain access. So to bolster your Windows VPS security, we suggest you change the Remote Desktop listening port (as it's called) as soon as possible. Port scanners coupled with brute-force bots are not to be trifled with and leaving the port at its default value only improves their chances of a successful attack.
To change the listening port, you need to use Windows Registry Editor to modify the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
Use a random 4-digit number for the new port number and try to avoid obvious or popular choices like 8080 or 8888. You must also take care that your firewall is not blocking the port number you choose and that it is not already being used by another application or service. That will create conflict and can have catastrophic results.
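The port change, with the conflict and firewall checks described above, can be scripted as follows. This is an added example, not from the original article: the port 4917 and the firewall rule name are constructed sample values, and the script assumes the listening port is stored in the PortNumber value under the key shown above.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
$NewPort = 4917   # constructed sample value; pick your own 4-digit port
$key = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$oldPort = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber

function Test-Listening($Port) {
    [bool](Get-NetTCPConnection -LocalPort $Port -State Listen `
        -ErrorAction SilentlyContinue)
}

# Conflict check: refuse a port that another service already listens on.
if (Test-Listening $NewPort) {
    $conn = Get-NetTCPConnection -LocalPort $NewPort -State Listen |
        Select-Object -First 1
    $owner = (Get-Process -Id $conn.OwningProcess).ProcessName
    throw "Port $NewPort is already in use by '$owner'; choose another."
}

# Firewall check: allow the new port before switching, so the service is
# reachable as soon as it comes back up.
$ruleName = 'RDP custom port TCP-In (added example)'   # hypothetical rule name
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort $NewPort -Action Allow | Out-Null
}

# PortNumber is a DWORD; the change applies when Remote Desktop Services
# restarts, which drops any current RDP session.
Set-ItemProperty -Path $key -Name PortNumber -Value $NewPort -Type DWord
Restart-Service -Name TermService -Force

# Verify the listener came up; otherwise roll back to the previous port.
Start-Sleep -Seconds 5
if (-not (Test-Listening $NewPort)) {
    Set-ItemProperty -Path $key -Name PortNumber -Value $oldPort -Type DWord
    Restart-Service -Name TermService -Force
    throw "RDP did not come up on $NewPort; restored port $oldPort."
}
Write-Host "RDP moved from $oldPort to $NewPort. Reconnect with <server>:$NewPort"
```

If your provider offers an out-of-band console, run the script from there so a failed restart cannot cut off your only way in.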
4. Restrict Remote Desktop by IP to Secure Windows VPS
Changing the default port for Remote Desktop may not be enough on its own. One way to further improve your Windows VPS security is to restrict the IP addresses that can connect to your VPS via Remote Desktop. This is especially useful if you have a limited number of people connecting to it from a fixed location like an office or if it's just you connecting from home.
If your ISP provides static IP services, then this method might be perfect for you, as you will know exactly which IP you will be using to connect to Remote Desktop. This method is not without some drawbacks, however, as it could prove troublesome if you have more people accessing your VPS or if they are not exactly staying in one place.
There is also a possibility that you will lock yourself out if you're somehow not able to use your previously defined IPs to connect to Remote Desktop anymore. You should probably weigh the pros and cons carefully before going in for this security measure, but if you do, it will make for a much more secure Windows VPS.
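One way to apply the restriction with Windows Firewall, including a guard against the lockout described above. This is an added example, not from the original article: the addresses are constructed samples from documentation ranges, and the script only handles rules that name the RDP port exactly (not port ranges or "Any").

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
$Allowed = @('203.0.113.10', '198.51.100.24')   # constructed sample addresses

# Read the port RDP actually listens on, in case it is no longer 3389.
$key  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$port = (Get-ItemProperty -Path $key -Name PortNumber).PortNumber

# Lockout guard: every client connected to RDP right now must be on the list,
# otherwise applying the restriction would cut off a live session.
$peers = @(Get-NetTCPConnection -LocalPort $port -State Established `
        -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty RemoteAddress -Unique)
$missing = @($peers | Where-Object { $_ -notin $Allowed })
if ($missing.Count -gt 0) {
    throw "Connected client(s) not in the allow list: $($missing -join ', ')"
}

# Allow rules are additive, so adding a new scoped rule would restrict nothing
# while a broader rule stays in place. Scope every enabled inbound allow rule
# that names the RDP port instead.
$rules = @(Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and
        $_.Enabled -eq 'True'
    })
if ($rules.Count -eq 0) {
    throw "No enabled inbound allow rule names TCP port $port."
}

foreach ($rule in $rules) {
    $before = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ', '
    $rule | Set-NetFirewallRule -RemoteAddress $Allowed
    Write-Host "$($rule.DisplayName): $before -> $($Allowed -join ', ')"
}
```

To undo the restriction, set the same rules back with `-RemoteAddress Any`.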
5. Manage Windows Firewall Policies and Consider a Third-Party Firewall
All Windows versions come equipped with Windows Firewall, which is a decent enough firewall software if you're not doing anything too sensitive with your Windows VPS.
While there are some steps you can take to improve the efficiency of the Windows Firewall, you should also give some thought to using third-party software that's capable of handling more sensitive tasks, such as processing credit card transactions. Naturally, there are many firewalls to choose from, and finding the right one may take some digging. That's why I've written this list of the 6 best firewalls for Windows 10.
Windows Firewall is great at basic and even intermediate-level tasks and you can make sure it operates more efficiently by choosing the right policies. One way to go about that is to simply choose the "Deny All" policy, which blocks all incoming and outgoing traffic except predefined exceptions… One potential risk, however, is locking yourself or your users out, without knowing how to fix it. The problem is more widespread than you may think and we have even written a guide on how to disable Windows Firewall using Group Policy, which is the only way you can fix things.
Conclusion
Creating and maintaining a secure Windows VPS is essential to any venture. To ensure your Windows server is secure, you can take some simple measures yourself, and choosing the right VPS hosting provider goes a long way as well. Knowing your hosting company is going the extra mile means you can spend more time on your actual work instead of trying to bolster security. Choose one of our Windows VPS hosting plans now and rest assured that we place security first.