
Lock down a VPS in 45 minutes
Mustafa Erbay's checklist secures a fresh VPS with SSH keys, a minimal firewall, and automated updates, reducing the attack surface by 80% [Dev.to].
Mustafa Erbay published a step-by-step hardening guide on June 20, 2026, for a brand-new VPS. Within 45 minutes, he disables password logins, installs a minimal ufw firewall, creates a non-root sudo user, and enables automatic security updates [Dev.to]. The checklist also adds fail2ban to throttle brute-force SSH attempts and starts auditd for basic file-integrity monitoring [Dev.to (author)].
Erbay's test recorded SSH brute-force attempts just seven minutes after a VPS came online, confirming the importance of early hardening [Dev.to]. Applying the same firewall rules to a production ERP deployment reduced exposed ports by 80%, showing that a few ufw commands can eliminate most automated scans.
Locking down SSH, enabling automatic updates, and installing fail2ban lowers the server's baseline exposure, so engineers can prioritize application-level hardening without constant log noise [Dev.to].
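One way to confirm that the "disable password logins" step actually took effect. This is an added example, not code from Erbay's guide. It assumes OpenSSH's sshd_config rules (the first occurrence of a keyword wins, and lines after `Match` are conditional); the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): check that password logins are really off.

# effective_sshd_value FILE KEYWORD
# Prints the value from the global section of FILE. sshd keeps the FIRST
# occurrence of a keyword, keywords are case-insensitive, and everything after
# a "Match" line is conditional, so it is not counted. Include is not followed.
effective_sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }                  # trim indentation
        /^(#|$)/ { next }                       # skip comments and blanks
        {
            split($0, f, /[ \t=]+/)             # "Key value" or "Key=value"
            key = tolower(f[1])
            if (key == "match") exit            # global section ends here
            if (key == want) { print tolower(f[2]); exit }
        }' "$1"
}

# password_login_disabled FILE: exit 0 only if both password-style methods
# are off. An unset keyword falls back to the OpenSSH default, which is "yes".
password_login_disabled() {
    rc=0
    for kw in PasswordAuthentication KbdInteractiveAuthentication; do
        val=$(effective_sshd_value "$1" "$kw")
        if [ "${val:-yes}" != "no" ]; then
            echo "FAIL $kw=${val:-yes (default)}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configs, written to a scratch directory.
write_samples() {
    printf '%s\n' '# the later "no" is ignored: first occurrence wins' \
        'PasswordAuthentication yes' 'passwordauthentication no' \
        'KbdInteractiveAuthentication no' > "$1/shadowed.conf"
    printf '%s\n' 'KbdInteractiveAuthentication no' 'Match User deploy' \
        '    PasswordAuthentication no' > "$1/matchonly.conf"
    printf '%s\n' 'PasswordAuthentication no' \
        'KbdInteractiveAuthentication no' > "$1/hardened.conf"
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in shadowed matchonly hardened; do
    if password_login_disabled "$tmp/$f.conf"; then echo "OK   $f"; fi
done
rm -rf "$tmp"
```

On a live host, `sshd -T` prints the effective configuration with `Include` drop-ins resolved, which covers the case this file-level check does not.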


