Your VPS Is Naked.
Let's Fix That.

Before Someone Else Does.

Every day, thousands of indie hackers spin up a VPS and leave it with default settings. That's insane. It's like buying a house and leaving all the doors open because "the neighborhood seems nice." I've been hosting projects since 1998, back when dedicated servers cost more than rent. I've seen what happens to unprotected boxes. It's not pretty.

VPSArmor isn't another security checklist. It's opinionated protection that actually teaches you what's happening. Because understanding your defenses is the difference between cargo-cult security theater and actual protection. Only for Debian Stable and Ubuntu LTS.

Deploy Your Armor. One Command.
wget -qO- https://vpsarmor.com/bootstrap.sh | bash 📋

The bootstrap.sh script fetches the latest installer. The repo's install.sh performs the hardening.

The Uncomfortable Truths

Your "Secure" Password Is a Joke

Bots are hammering your SSH port right now. This very second. They don't care about your clever mix of uppercase and symbols. They care that you left password auth enabled like it's 2003. We'll fix that. Keys only. No exceptions.

You Don't Need 47 Open Ports

Every open port is a door. Most VPS boxes look like Swiss cheese—thousands of holes because "what if I need it later?" You won't. You need SSH, HTTP, and HTTPS. Maybe a database port if you're feeling adventurous. Everything else? Locked down.

Updates Aren't Optional

That kernel from 2019 you're running? It has more known exploits than a reality TV show. Security isn't a one-time setup—it's hygiene. Like brushing your teeth, but for servers. Miss a few days and things get nasty fast.

Your Defense Arsenal

🛡️

Firewall That Actually Works

We set up and enable UFW for both IPv4 and IPv6. Defaults: ports 22, 80, and 443 open; everything else locked down.

🔐

SSH Hardening

No root login. No passwords. Just keys. The way Satoshi intended.

⚔️

Fail2Ban Integration

Three strikes and you're out. Bots get the boot. Automatically.

📦

Package Audit

See what repos you're trusting. Sometimes a bit too many.

🎓

Educational Mode

Learn what's happening and why. Security through understanding, not blind faith.

🚀

Automation Ready

Full auto mode for CI/CD. Use --automagic or -a. Because manual security doesn't scale.

Safety Notes

Don’t Lock Yourself Out

Before disabling SSH password authentication, we detect whether an SSH key exists in ~/.ssh/authorized_keys. If no key is present, we refuse the change.

Closing Port 22

If you choose to close SSH (port 22), we ask for explicit confirmation—twice.

Supported OS, By Design

We verify you’re on Debian Stable or Ubuntu LTS before proceeding. No half‑support or silent failures.

Stop Being An Easy Target

Your VPS doesn't need to be Fort Knox.
It just needs to be harder to crack than the next guy's.

View on GitHub