To set up a VPS, connect to it over SSH with ssh root@your_server_ip, update the system, create a new user with sudo rights instead of using root, harden SSH, turn on a firewall, then install your web stack. Point your domain, add SSL, and set up backups. Plan on about an hour.
You just bought your first VPS and the provider emailed you an IP address and a password. Now what? Don't worry — the first hour has a clear path, and you can follow it even if you have never touched a server before. This guide is a plain, step-by-step walkthrough for a fresh Linux VPS. If you are still deciding whether a VPS is the right kind of hosting for you, start with our explainer on what VPS hosting is and come back here once you have a plan.
A VPS, short for virtual private server, is a slice of a physical server that acts like its own machine, with its own operating system, resources, and root access that you control. That control is the whole point — and it means the setup is on you rather than a hosting company.
Before you begin, make sure you have these three things ready:
You will type real commands in this guide. If a command is unfamiliar, our reference on Linux SSH commands explains what each one does, so keep it open in a second tab.
ssh command. On macOS and Linux, use the built-in Terminal app. You do not need to install extra software to follow along.Setting up a VPS is not one big task. It is a short sequence of small ones, and they fall into three groups. First, access: getting into the server and making sure only you can. Second, security: closing the doors that attackers scan for within minutes of a server coming online. Third, your stack: the web server, language, and database that actually run your site.
The order matters. New servers are found by automated bots almost immediately, so you lock the doors before you install anything worth attacking. That is why the steps below put user accounts, SSH, and the firewall ahead of your web software. Follow the sequence and you finish the first hour with a server that is both usable and reasonably safe.
Work through these in order. Each step is one action. Commands are shown in this style — type or paste them into your terminal and press Enter.
ssh root@your_server_ip, replacing your_server_ip with the IP your provider gave you. Type yes to accept the server's fingerprint the first time, then enter your password. Logging in with an SSH key is safer than a password because a key cannot be guessed — see our Linux SSH commands guide to set one up.apt update && apt upgrade. The first part refreshes the list of available software; the second installs the newer, patched versions. Answer Y when prompted, and let it finish before moving on.adduser yourname and set a strong password, then usermod -aG sudo yourname to add it to the sudo group. Set up SSH key login for this new user too, so you can reach it directly next time./etc/ssh/sshd_config), then disable root login and password authentication by setting PermitRootLogin no and PasswordAuthentication no. Restart SSH to apply the change. From now on, log in as your new user with your key. This single step blocks the most common automated attacks — password-guessing bots hammering the root account.ufw allow OpenSSH so you don't lock yourself out, then ufw allow 80 and ufw allow 443 to permit web traffic (HTTP and HTTPS). Turn it on with ufw enable. Everything else stays closed.apt, then confirm the web server responds by visiting your IP in a browser.ufw status before you walk away. Catching a mistake early is far easier than untangling it later.If that list looks like a lot, there is a genuinely easier road. With a managed VPS — a plan where the provider handles server maintenance — or a one-click application or stack, steps 2 through 7 are largely done for you. The server arrives updated, with a web server, PHP, and a database already installed and configured, and often a control panel too.
The trade-off is straightforward. A managed VPS costs more than an unmanaged one, and you give up a little fine-grained control. In return you skip most of the command-line work and the security setup, and you get support if something breaks. For a first server, or for anyone who wants VPS power without becoming a part-time system administrator, that is often a fair deal. You can always learn the manual steps later once your site is live.
Most first-hour problems come down to the same handful of habits. Watch for these:
Connect to the server over SSH with ssh root@your_server_ip, update the system with apt update && apt upgrade, create a new user and give it sudo rights, harden SSH, turn on a firewall with UFW, then install your web server, PHP, and database. Finish by pointing your domain, adding SSL, and turning on backups. The whole first pass usually takes about an hour.
Not necessarily. An unmanaged VPS is set up almost entirely from the command line, but a managed VPS or a one-click stack handles most of that for you, and a control panel gives you a graphical dashboard afterward. If the terminal feels like too much, choosing managed hosting is a reasonable way to get VPS power without the command-line work.
Use SSH. Open your computer's terminal — Terminal on macOS and Linux, or PowerShell and Windows Terminal on Windows — and run ssh root@your_server_ip, replacing the IP with the one your provider emailed you. Logging in with an SSH key is safer than a password. Our Linux SSH commands guide covers keys and connecting in detail.
After you have secured the server, install your web stack: a web server (Nginx or Apache), a language such as PHP, and a database such as MySQL or MariaDB. Together these are the LEMP or LAMP stack and are enough to serve a website. Add a control panel only if you want a graphical interface, and avoid installing anything you won't actually use.
Yes, meaningfully so. A managed VPS arrives updated and configured, with your web stack and often a control panel already installed, and the provider handles maintenance and support. You pay more and trade a little control, but you skip most of the setup and security steps. For a first server it is often worth it.
You need root or an equivalent administrator account to do the initial setup, because installing software and changing system settings requires it. The goal, though, is to stop using root for daily work: you create a sudo user in step 3 and then log in as that user instead. Root is for setup, not for everyday tasks.
For a first VPS, Ubuntu (a beginner-friendly Linux distribution) or Debian is the easiest choice. Both are widely used, well documented, and every command in this guide works on them. If your provider offers a recent long-term-support version of Ubuntu, that is a safe default.
Setting up a VPS in your first hour comes down to a clear sequence: connect over SSH, update the system, create a sudo user so you are not living as root, harden SSH, turn on a firewall, then install your web stack. Once the server is secure and serving, you point your domain, add an SSL certificate, and switch on automatic backups. Take the steps in order, test each one before moving on, and you will finish with a server that is both working and reasonably safe.
The natural next step is to lock down the software you just installed. If you are running WordPress on your new VPS, work through our guide on how to secure WordPress to close the gaps attackers look for.
Not sure the command line is for you? If the setup above feels like too much, a managed VPS or a one-click stack does most of it for you — the server arrives updated, secured, and with your web stack already installed. That is a good fit for anyone who wants VPS power without the system-administrator work.
If you would rather start there, Hostinger offers managed VPS plans you can compare against your needs. If valid at the time of purchase, new users may also be able to apply a coupon such as SPECIAL15 or SPECIAL10, subject to Hostinger's terms.
Affiliate disclosure: if you sign up through this link we may earn a commission, at no extra cost to you. How this works.
When a VPS is the wrong tool. If you want to avoid the command line entirely, a good shared or managed WordPress plan is less work and more reliable than a VPS you administer badly — an unpatched VPS is a liability, not an upgrade. If your goal is specifically to learn Linux administration, unmanaged providers such as DigitalOcean, Hetzner, Vultr or Linode are equally valid and often cheaper per unit of RAM. And if you need a particular distribution, custom kernel modules or a GPU, check availability before you buy rather than after.
sshd_config options for disabling root login and password authentication.The editorial team behind the Bitrich777 Hosting Help Center — practical, tested guides on web hosting, WordPress, servers, DNS, SSL, email, security and migration. Every walkthrough is reproduced on a live host before it is published.
View all guides by the Hosting Team Spotted an error? Tell us