How can I change my RDP port?
What this is
Moving Remote Desktop off the default port 3389. It eliminates the drive-by scanner and brute-force noise (targeted attackers will still find the new port, it's obscurity, not security, same honesty as the SSH version). The measures that actually defend RDP, NLA, a lockout policy, and above all IP-restricting the rule, are in Protecting RDP from brute force; do those first, and treat the port move as optional noise reduction.
Steps, in an order that can't lock you out
- Firewall rule for the new port first (say you picked 3390), before anything listens on it:
New-NetFirewallRule -DisplayName "RDP 3390" -Direction Inbound -Protocol TCP -LocalPort 3390 -Action Allow
(The firewall guide if you prefer the GUI.)
- Change the port in the registry. Run
regedit, go to:
HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
double-click PortNumber, select Decimal, and enter your port. (PowerShell equivalent: Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name PortNumber -Value 3390.)
-
Restart the VPS (or restart Remote Desktop Services, which will drop your session either way).
-
Test before you trust it: connect to
YOUR.VPS.IP:3390, theip:portsyntax works in every client we document, the Computer field in Remote Desktop Connection, the PC name field on Mac, iPhone/iPad, and Android. -
Once the new port works, remove the old allowance if you'd added a custom 3389 rule (the built-in Remote Desktop rule can simply be disabled), so the old door isn't left open for the scanners you moved to avoid.
If it went wrong
The Console in your client area reaches the VPS without RDP, open it, fix the registry value or the firewall rule, restart, and you're back. Worst case, the troubleshooter checks whether RDP is answering at all.
Still need help?
You can open a support ticket. So we can help on the first reply, it's worth mentioning:
- the VPS hostname or IP and the port you moved RDP to,
- whether the firewall rule for the new port exists,
- whether the Console still gets you in.
Related questions
- "How do I change the RDP port on my Windows VPS?"
- "How do I connect to RDP on a custom port?"
- "Does changing the RDP port improve security?"
- "I changed the RDP port and can't connect anymore."