DEV Community

Cover image for How to Secure a UK Dedicated Server in 2026: Complete Step-by-Step Guide
eServers profile image olivia Millie
olivia Millie for eServers

Posted on • Originally published at eservers.uk

How to Secure a UK Dedicated Server in 2026: Complete Step-by-Step Guide

#linux #security #devops #ubuntu

When you invest in dedicated servers for your UK business, you gain ultimate raw power, complete control, and maximum privacy.

Unlike shared hosting, a bare-metal machine means you are solely responsible for its security. In this guide, we will walk you through the most critical steps to lock down your dedicated server running Ubuntu or Debian, keeping your data safe and GDPR-compliant.

Step 1 — Update Your System Immediately

Outdated software is the number one vulnerability. The very first thing you should do upon receiving your new server credentials is to update the OS packages.

sudo apt update && sudo apt upgrade -y

## Step 2 — Change the Default SSH Port and Disable Root Login
Hackers constantly scan port 22 for brute-force attacks. Changing this port and disabling direct root access drastically reduces your attack surface. Open your SSH configuration file:
Enter fullscreen mode Exit fullscreen mode


bash
sudo nano /etc/ssh/sshd_config


Find `#Port 22` and change it to something like `Port 2244`. Then, find `PermitRootLogin yes` and change it to `PermitRootLogin no`. Restart the SSH service to apply changes:
Enter fullscreen mode Exit fullscreen mode


bash
sudo systemctl restart sshd


## Step 3 — Configure a Basic Firewall (UFW)
Your bare-metal server needs a strict firewall rule set. UFW (Uncomplicated Firewall) is perfect for this.
Enter fullscreen mode Exit fullscreen mode


bash
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2244/tcp # Your new SSH port
sudo ufw allow 80/tcp # HTTP
sudo ufw allow 443/tcp # HTTPS
sudo ufw enable


## Step 4 — Install Fail2Ban to Stop Brute-Force Attacks
Fail2Ban automatically blocks IP addresses that show malicious signs, such as too many password failures.
Enter fullscreen mode Exit fullscreen mode


bash
sudo apt install fail2ban -y
sudo systemctl enable fail2ban
sudo systemctl start fail2ban




## Conclusion
Securing your infrastructure is an ongoing process. By following these foundational steps, you make it extremely difficult for automated bots and attackers to compromise your system.

If you are looking for enterprise-grade security and uncompromised performance, explore our range of highly secure UK dedicated servers at [eServers](https://www.eservers.uk) today.

\-\-\-
Enter fullscreen mode Exit fullscreen mode

Top comments (0)