1. Update Everything

apt update && apt upgrade -y

2. Create a Non-Root User

adduser youruser
usermod -aG sudo youruser

3. Set Up SSH Key Authentication

Generate keys locally and copy the public key to your server. Disable password login in /etc/ssh/sshd_config.

4. Configure UFW Firewall

ufw allow 22 && ufw allow 80 && ufw allow 443 && ufw enable

5. Install Fail2Ban

apt install fail2ban -y

Fail2Ban automatically bans IPs that repeatedly fail authentication.

6. Enable Automatic Security Updates

apt install unattended-upgrades -y