Knowledge Base

Guides and answers for your VPS, the client area, and billing

Securing your Windows VPS

What this is

The security checklist for your Windows Server VPS, layered like its Linux counterpart, but with one platform fact that changes the priorities: Windows VPS does not sit behind our managed edge firewall (that's a Linux VPS feature). Every service listening on your Windows VPS is internet-facing unless Windows Defender Firewall says otherwise, which makes the firewall and RDP sections below the load-bearing ones.

1. Accounts and passwords

  • The Administrator password is the key to everything: long, unique, from a password manager, and pasted carefully (the whitespace trap).
  • One account per human. Sharing Administrator between colleagues costs you your second RDP session and any ability to tell who did what. Create additional accounts (Computer Management → Local Users and Groups), and give daily-use accounts standard user rights where full admin isn't needed.
  • Leave UAC on: it's the consent prompt between a mistake and a system change.

2. RDP is your front door: treat it accordingly

Port 3389 gets scanned and brute-forced the way SSH does on Linux, and here there's no network-level ban system in front of it: the hardening is yours. The short version: Network Level Authentication on (it's the modern default; verify in System Properties → Remote), an account lockout policy, and ideally IP-restricting the RDP firewall rule. The full treatment, including moving the port and reading the failed-logon log, is in Protecting RDP from brute force.

3. Keep Windows updated

Patch Tuesday exists because the holes are real, and unpatched RDP/SMB vulnerabilities are how Windows servers get owned at scale. Leave automatic updates on and manage the reboots rather than the updates. The how (and the "why is my VPS slow on patch day" answer) is in Windows Updates on your VPS.

4. Defender stays on

Microsoft Defender (antivirus and firewall) ships enabled; keep both. Don't install "optimizer" tools or crack-adjacent software that asks you to disable protection first. On a server, that request is the attack. If Defender flags something you installed on purpose, add a scoped exclusion for that path rather than lowering the shields globally.

5. Don't expose services that don't need exposing

The Windows equivalents of the classic self-inflicted holes:

  • SQL Server reachable from the internet (port 1433) with a weak sa password: bind it to localhost or firewall it to the app server's IP only.
  • SMB file sharing (port 445) to the internet: never. It's the single most attacked Windows port in history; sharing files off-box goes over a VPN or SFTP instead.
  • Audit what's listening the same way you would on Linux: Get-NetTCPConnection -State Listen (or netstat -abno to see which program owns each port), and make each public listener justify itself; firewall everything else. If the output is a wall of mystery, pasting it into an AI chatbot and asking it to identify each listener works as well on Windows as anywhere.
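
One way to run that audit as a single report, combining the listener list with the firewall rules that cover the three ports named in this checklist. This is an added example, not part of the original article; the variable names, port labels and report columns are its own, and it assumes an administrator PowerShell session on the VPS.

```powershell
# Added example: which TCP listeners are reachable from off the box, who owns
# them, and which inbound firewall rules leave the named ports open to anyone.

# Ports the article names; the labels are annotations for the report only.
$watch    = @{ 3389 = 'RDP'; 1433 = 'SQL Server'; 445 = 'SMB' }
$loopback = '127.0.0.1', '::1'   # loopback-only listeners are not internet-facing

# 1) One row per listening port bound to a non-loopback address.
$listeners = Get-NetTCPConnection -State Listen |
    Where-Object { $loopback -notcontains $_.LocalAddress } |
    Group-Object LocalPort |
    ForEach-Object {
        $port    = [int]$_.Name
        $ownerId = $_.Group[0].OwningProcess
        $proc    = Get-Process -Id $ownerId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Port      = $port
            Addresses = ($_.Group.LocalAddress | Sort-Object -Unique) -join ', '
            OwnerPid  = $ownerId
            Process   = if ($proc) { $proc.ProcessName } else { '(unresolved)' }
            Note      = if ($watch.ContainsKey($port)) { $watch[$port] } else { '' }
        }
    } | Sort-Object Port

# 2) Enabled inbound allow rules that name a watched port and accept any remote
#    address. Rules that use port ranges or LocalPort 'Any' are not expanded
#    here; review those by hand.
$wideOpen = Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $rule    = $_
        $pf      = $rule | Get-NetFirewallPortFilter
        $ports   = @($pf.LocalPort)
        $remotes = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
        $hit     = $watch.Keys | Where-Object { $ports -contains "$_" }
        if ($hit -and ($remotes -contains 'Any')) {
            [pscustomobject]@{
                Rule     = $rule.DisplayName
                Protocol = $pf.Protocol
                Ports    = $ports -join ','
                Remote   = 'Any'
            }
        }
    }

$listeners | Format-Table -AutoSize
$wideOpen  | Format-Table -AutoSize
```

A port that appears in the first table with no deliberate reason to be public, or a rule in the second table, is a candidate for an IP restriction or for disabling.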

6. Audit with the real tools

Microsoft's own Sysinternals suite is free and made for exactly this: Process Explorer shows what every process actually is (with built-in VirusTotal checking), and Autoruns lists everything configured to start with the machine. That is the first place to look when something feels off, and the same place miners hide.

7. Backups are the last line

Same doctrine as everywhere: when prevention fails, restoration is the plan. Backing up a Windows VPS covers the add-on and the do-it-yourself layers. And if you're compromised despite everything, the recovery doctrine is OS-agnostic: data off, rebuild, rotate every credential.

Still need help?

You can open a support ticket. So we can help on the first reply, it's worth mentioning:

  • the VPS hostname or IP,
  • what you're locking down, or what prompted the check,
  • anything odd you've already spotted (log entries, processes, listeners).
Last reviewed: 2026-07-02