How to Set Up a VPS: Your First Hour

To set up a VPS, connect to it over SSH with ssh root@your_server_ip, update the system, create a new user with sudo rights instead of using root, harden SSH, turn on a firewall, then install your web stack. Point your domain, add SSL, and set up backups. Plan on about an hour.

Key takeaways

  • A VPS (virtual private server) is a server you control from the command line, so the first hour is about access, security, and your web stack.
  • The safe order is: connect, update, make a sudo user, harden SSH, add a firewall, then install software.
  • Never run day-to-day tasks as root, and never rely on a password alone for SSH.
  • A managed VPS or a one-click stack does most of steps 2–7 for you if the command line feels like too much.
  • Finish by pointing your domain, adding an SSL certificate, and turning on automatic backups.
Disclosure: Some links on this page are affiliate links. If you buy through them, we may earn a commission at no extra cost to you. We only recommend products we believe genuinely help with the problem this page covers. Our guidance stays the same whether or not a link earns anything.

What you need before you start

You just bought your first VPS and the provider emailed you an IP address and a password. Now what? Don't worry — the first hour has a clear path, and you can follow it even if you have never touched a server before. This guide is a plain, step-by-step walkthrough for a fresh Linux VPS. If you are still deciding whether a VPS is the right kind of hosting for you, start with our explainer on what VPS hosting is and come back here once you have a plan.

A VPS, short for virtual private server, is a slice of a physical server that acts like its own machine, with its own operating system, resources, and root access that you control. That control is the whole point — and it means the setup is on you rather than a hosting company.

Before you begin, make sure you have these three things ready:

  • A VPS plan that is active, running a fresh Linux image. This guide uses Ubuntu or Debian, the most common beginner choices, so every command below works out of the box.
  • Your root login details or an SSH key. Your provider gives you the server's IP address (its unique numeric address on the internet) plus either a root password or a way to add an SSH key — a pair of cryptographic files that log you in without a password.
  • Basic comfort with the command line — or a willingness to copy and paste carefully. If a black terminal window makes you nervous, that is fine: the managed-VPS shortcut further down removes most of this work.

You will type real commands in this guide. If a command is unfamiliar, our reference on Linux SSH commands explains what each one does, so keep it open in a second tab.

On Windows, the built-in PowerShell or Windows Terminal already includes an ssh command. On macOS and Linux, use the built-in Terminal app. You do not need to install extra software to follow along.

What "setting up a VPS" actually means

Setting up a VPS is not one big task. It is a short sequence of small ones, and they fall into three groups. First, access: getting into the server and making sure only you can. Second, security: closing the doors that attackers scan for within minutes of a server coming online. Third, your stack: the web server, language, and database that actually run your site.

The order matters. New servers are found by automated bots almost immediately, so you lock the doors before you install anything worth attacking. That is why the steps below put user accounts, SSH, and the firewall ahead of your web software. Follow the sequence and you finish the first hour with a server that is both usable and reasonably safe.

The first-hour setup, step by step

Work through these in order. Each step is one action. Commands are shown in this style — type or paste them into your terminal and press Enter.

  1. Connect to your VPS over SSH. SSH (Secure Shell) is the encrypted way to log into a server's command line. From your computer's terminal, run ssh root@your_server_ip, replacing your_server_ip with the IP your provider gave you. Type yes to accept the server's fingerprint the first time, then enter your password. Logging in with an SSH key is safer than a password because a key cannot be guessed — see our Linux SSH commands guide to set one up.
  2. Update the system. A fresh image is usually weeks or months out of date. On Ubuntu or Debian, run apt update && apt upgrade. The first part refreshes the list of available software; the second installs the newer, patched versions. Answer Y when prompted, and let it finish before moving on.
  3. Create a new user with sudo privileges. Working as root (the all-powerful admin account) all day is risky — one wrong command can wipe the server. Instead, make a normal user and give it sudo rights, which let it run admin commands only when needed. Run adduser yourname and set a strong password, then usermod -aG sudo yourname to add it to the sudo group. Set up SSH key login for this new user too, so you can reach it directly next time.
  4. Harden SSH. Open the SSH config file (/etc/ssh/sshd_config), then disable root login and password authentication by setting PermitRootLogin no and PasswordAuthentication no. Restart SSH to apply the change. From now on, log in as your new user with your key. This single step blocks the most common automated attacks — password-guessing bots hammering the root account.
  5. Set up a firewall. A firewall decides which network ports accept connections. On Ubuntu and Debian, UFW (Uncomplicated Firewall) makes this easy. Run ufw allow OpenSSH so you don't lock yourself out, then ufw allow 80 and ufw allow 443 to permit web traffic (HTTP and HTTPS). Turn it on with ufw enable. Everything else stays closed.
  6. Install your web stack. To serve a website you need three pieces: a web server (Nginx or Apache), PHP (or another language), and a database such as MySQL or MariaDB. Together these are the LEMP stack (with Nginx) or the LAMP stack (with Apache). Install them with apt, then confirm the web server responds by visiting your IP in a browser.
  7. Add a control panel (optional). If you would rather manage the server through a graphical dashboard than the command line, install a control panel — a web-based interface for sites, email, and databases. Our guide to hosting control panels compares the popular free and paid options so you can pick one before you install it.
  8. Point your domain to the VPS. Update your domain's DNS records so its A record points to your server's IP address. Changes can take a little time to spread across the internet. Our walkthrough on how to point a domain shows exactly which records to change.
  9. Add an SSL certificate. An SSL certificate encrypts traffic and turns on the padlock (HTTPS), which visitors and search engines expect. A free certificate takes minutes to install — follow our guide on how to get an SSL certificate.
  10. Set up automatic backups and review security. Finally, protect your work. Turn on scheduled backups using our website backups guide, and if you are running WordPress, tighten it with our steps on how to secure WordPress. A server without backups is one bad command away from starting over.
Test as you go. After each step, confirm it worked before starting the next — try to log in as your new user before you disable root, and check the firewall status with ufw status before you walk away. Catching a mistake early is far easier than untangling it later.

The managed-VPS shortcut

If that list looks like a lot, there is a genuinely easier road. With a managed VPS — a plan where the provider handles server maintenance — or a one-click application or stack, steps 2 through 7 are largely done for you. The server arrives updated, with a web server, PHP, and a database already installed and configured, and often a control panel too.

The trade-off is straightforward. A managed VPS costs more than an unmanaged one, and you give up a little fine-grained control. In return you skip most of the command-line work and the security setup, and you get support if something breaks. For a first server, or for anyone who wants VPS power without becoming a part-time system administrator, that is often a fair deal. You can always learn the manual steps later once your site is live.

Common mistakes to avoid

Before you disable root login or password authentication, confirm you can log in as your new sudo user in a separate terminal window. If you lock out the only working account, you can be shut out of your own server and may need to rebuild it from your provider's console.

Most first-hour problems come down to the same handful of habits. Watch for these:

  • Using root for everything. It is convenient right up until a typo deletes something important. Create a sudo user and use it (step 3).
  • Skipping the firewall. An open server is scanned within minutes of going live. UFW takes two minutes to set up (step 5) and closes almost every unnecessary door.
  • Password-only SSH. Passwords can be guessed by automated bots; SSH keys effectively cannot. Set up key login and turn passwords off (steps 1 and 4).
  • No backups. A VPS gives you no safety net by default. If you have not set up backups, one mistake means starting over. Do it before you go live (step 10).
  • Installing software you don't need. Every extra package is another thing to update and another possible way in. Install only your web server, language, and database to start.

Frequently asked questions

How do I set up a VPS for the first time?

Connect to the server over SSH with ssh root@your_server_ip, update the system with apt update && apt upgrade, create a new user and give it sudo rights, harden SSH, turn on a firewall with UFW, then install your web server, PHP, and database. Finish by pointing your domain, adding SSL, and turning on backups. The whole first pass usually takes about an hour.

Do I have to use the command line?

Not necessarily. An unmanaged VPS is set up almost entirely from the command line, but a managed VPS or a one-click stack handles most of that for you, and a control panel gives you a graphical dashboard afterward. If the terminal feels like too much, choosing managed hosting is a reasonable way to get VPS power without the command-line work.

How do I connect to my VPS?

Use SSH. Open your computer's terminal — Terminal on macOS and Linux, or PowerShell and Windows Terminal on Windows — and run ssh root@your_server_ip, replacing the IP with the one your provider emailed you. Logging in with an SSH key is safer than a password. Our Linux SSH commands guide covers keys and connecting in detail.

What should I install first?

After you have secured the server, install your web stack: a web server (Nginx or Apache), a language such as PHP, and a database such as MySQL or MariaDB. Together these are the LEMP or LAMP stack and are enough to serve a website. Add a control panel only if you want a graphical interface, and avoid installing anything you won't actually use.

Is a managed VPS easier?

Yes, meaningfully so. A managed VPS arrives updated and configured, with your web stack and often a control panel already installed, and the provider handles maintenance and support. You pay more and trade a little control, but you skip most of the setup and security steps. For a first server it is often worth it.

Can I set up a VPS without root access?

You need root or an equivalent administrator account to do the initial setup, because installing software and changing system settings requires it. The goal, though, is to stop using root for daily work: you create a sudo user in step 3 and then log in as that user instead. Root is for setup, not for everyday tasks.

What operating system should I choose for a VPS?

For a first VPS, Ubuntu (a beginner-friendly Linux distribution) or Debian is the easiest choice. Both are widely used, well documented, and every command in this guide works on them. If your provider offers a recent long-term-support version of Ubuntu, that is a safe default.

Summary

Setting up a VPS in your first hour comes down to a clear sequence: connect over SSH, update the system, create a sudo user so you are not living as root, harden SSH, turn on a firewall, then install your web stack. Once the server is secure and serving, you point your domain, add an SSL certificate, and switch on automatic backups. Take the steps in order, test each one before moving on, and you will finish with a server that is both working and reasonably safe.

The natural next step is to lock down the software you just installed. If you are running WordPress on your new VPS, work through our guide on how to secure WordPress to close the gaps attackers look for.

Not sure the command line is for you? If the setup above feels like too much, a managed VPS or a one-click stack does most of it for you — the server arrives updated, secured, and with your web stack already installed. That is a good fit for anyone who wants VPS power without the system-administrator work.

If you would rather start there, Hostinger offers managed VPS plans you can compare against your needs. If valid at the time of purchase, new users may also be able to apply a coupon such as SPECIAL15 or SPECIAL10, subject to Hostinger's terms.

See Hostinger VPS plans →

Affiliate disclosure: if you sign up through this link we may earn a commission, at no extra cost to you. How this works.

When a VPS is the wrong tool. If you want to avoid the command line entirely, a good shared or managed WordPress plan is less work and more reliable than a VPS you administer badly — an unpatched VPS is a liability, not an upgrade. If your goal is specifically to learn Linux administration, unmanaged providers such as DigitalOcean, Hetzner, Vultr or Linode are equally valid and often cheaper per unit of RAM. And if you need a particular distribution, custom kernel modules or a GPU, check availability before you buy rather than after.

References

  • Ubuntu Server documentation — OpenSSH and package management (help.ubuntu.com).
  • Debian Administrator's Handbook — user management and system updates (debian.org).
  • UFW (Uncomplicated Firewall) manual pages — allow rules and enabling the firewall.
  • OpenSSH manual — sshd_config options for disabling root login and password authentication.
Bitrich777 Hosting Team
About the author

The editorial team behind the Bitrich777 Hosting Help Center — practical, tested guides on web hosting, WordPress, servers, DNS, SSL, email, security and migration. Every walkthrough is reproduced on a live host before it is published.

Spotted an error? Tell us