How to Set Up a VPS on Ubuntu 22.04: The Complete Step-by-Step Guide
From signing up for a VPS to a fully configured server with LAMP stack — everything you need to get your first VPS online and secure in 2026.
Wolly Xu 15 min read If you’ve outgrown shared hosting and need more control over your server, a VPS (Virtual Private Server) is the natural next step. But “getting a VPS” can feel intimidating if you’ve never logged into a command line before.
This guide walks you through the entire process: choosing a VPS provider, connecting to your server, securing it, and installing the software you need. No prior server experience required — just 30-90 minutes and a willingness to follow instructions exactly.
By the end of this guide, you’ll have a live, secured VPS running Ubuntu 22.04 LTS — either with a full LAMP stack ready for WordPress, or with the foundation to run whatever web application you choose.
Here’s what we’ll cover step by step:
- Purchase and configure a VPS plan
- Point your domain to your server
- Connect via SSH for the first time
- Harden your server’s security (SSH keys, firewall, Fail2Ban)
- Install Nginx, MySQL, and PHP (the LAMP stack)
- Optionally: install WordPress
- Set up ongoing maintenance
Let’s get started.
What You’ll Need Before Starting
Before we touch the command line, make sure you have all three of these ready:
1. A VPS account
This is the server you’ll be configuring. We’ll use Hostinger as our example throughout this guide — their VPS plans start at $6.49/mo and include KVM console access, which is essential for beginners.
2. An SSH client
This is the tool you’ll use to talk to your server remotely.
- Mac/Linux: Open the built-in Terminal app. You’re good to go.
- Windows: Use Command Prompt, PowerShell, or download Windows Terminal for a better experience.
3. A domain name (optional but recommended)
Pointing a domain to your VPS isn’t strictly required to follow this guide — you can test everything using your server’s IP address. But if you want a real website, you’ll need a domain. Most registrars sell domains for $10-15/year.
This guide uses Ubuntu 22.04 LTS. LTS stands for Long Term Support — Ubuntu 22.04 will receive security updates and patches until April 2027, making it one of the most stable server operating systems available.
Step 1: Choose and Purchase a VPS Plan
For your first VPS, you don’t need to spend much. Here’s what to look for and what to skip.
What to Look for in a VPS
- KVM console access — Critical for when SSH isn’t working. Hostinger includes this on all VPS plans. Some cheaper providers don’t, which means if you lock yourself out via SSH, you have no way to recover the server.
- Root access — Non-negotiable. You need full control of your server.
- SSD storage — Much faster than HDD. All modern VPS plans use SSD by default.
- Weekly backups — Optional but highly recommended. Server mistakes happen.
Recommended Starting Specs
For a single WordPress site or small web app:
| Spec | Minimum | Recommended |
|---|---|---|
| CPU | 1 vCPU | 1 vCPU |
| RAM | 4 GB | 4 GB |
| Storage | 50 GB SSD | 50 GB SSD |
| Bandwidth | 4 TB | 4 TB |
| Console Access | Required | KVM included |
Hostinger’s VPS Starter plan at $6.49/mo meets all recommended criteria. Their KVM console means you can recover your server even if you accidentally block your own SSH access.
Skip These Traps
- Don’t skip the KVM console. It’s the safety net that lets you recover from SSH misconfigurations. All Hostinger VPS plans include it — use it if anything goes wrong.
Ready to get started? Browse Hostinger VPS plans →
Step 2: Point Your Domain to Your VPS IP
Before we configure anything on the server, set up your domain’s DNS so it points to your VPS. This gives DNS time to propagate while we work on the server setup.
In your domain registrar’s DNS settings, add an A record:
| Record Type | Name | Value |
|---|---|---|
| A | @ | your-vps-ip-address |
| A | www | your-vps-ip-address |
Replace your-vps-ip-address with the IP address you received in your VPS welcome email.
What this does: When someone types your domain into a browser, DNS tells their computer where to find your server. The A record is the mapping between your domain name and your server’s IP address.
How long does DNS take? Propagation can take anywhere from 5 minutes to 48 hours, depending on your registrar and ISP. You can continue with the server setup while waiting — we’ll test DNS later.
What if I don’t have a domain yet? You can skip this step entirely and test everything using your server’s IP address. For example, instead of yourdomain.com, you’d visit http://your-vps-ip in your browser.
Step 3: Connect to Your VPS via SSH
Once your VPS is provisioned and running, you’ll receive an email with your server’s IP address, username (usually root), and password. Time to connect.
On Mac or Linux
Open Terminal and run:
ssh root@your-vps-ip-addressReplace your-vps-ip-address with your actual VPS IP.
You’ll be prompted for the root password. Paste it carefully — Terminal won’t show characters as you type (this is normal security behavior).
The first time you connect to a new server, you’ll see a host key verification message:
Are you sure you want to continue connecting (yes/no/[fingerprint])?Type yes and press Enter.
On Windows
Open Command Prompt or PowerShell and run the same command:
ssh root@your-vps-ip-addressPaste your password when prompted.
What If SSH Connection Fails?
SSH failures are the most common stumbling block for beginners. Here’s how to diagnose:
| Error Message | Most Likely Cause | Fix |
|---|---|---|
Connection refused | Server not fully started yet | Wait 5-10 minutes and try again |
Connection timed out | Firewall blocking port 22 | Check provider dashboard, use KVM console |
No route to host | Wrong IP address | Double-check the IP in your welcome email |
Host key verification failed | Server OS reinstalled previously | Run ssh-keygen -R your-vps-ip to clear old key |
Use the KVM console if SSH won’t work. Every reputable VPS provider offers a KVM or VNC console in their dashboard. This connects you directly to your server as if you had a monitor plugged in — completely bypassing the network. If SSH isn’t working, the KVM console is your recovery tool.
Once you’re logged in, you should see a prompt that looks something like:
root@vps:~#You’re now connected to your server. Let’s start configuring.
Step 4: Change Your Root Password
On first login, change the root password immediately. The password you received via email may have been generated automatically and isn’t easy to remember.
passwd rootYou’ll be prompted to enter a new password twice. Choose a strong password:
- Minimum 12 characters
- Mix of uppercase and lowercase letters
- At least one number
- At least one special character (!@#$%^&*)
Write this password down somewhere safe. If you lose it, you’ll need the KVM console to reset it.
Why this matters: Root is the administrator account with full access to everything on your server. A weak password here is an open invitation to hackers — automated bots scan the internet looking for servers with weak root passwords, 24 hours a day.
Step 5: Create a New User with Sudo Access
Running your daily work as root is dangerous — one wrong command can break your entire server. The standard practice is to create a regular user account for everyday tasks and only use root when absolutely necessary.
Create a New User
adduser wollyReplace wolly with your preferred username. You’ll be prompted to enter a password and some optional information (full name, phone, etc. — press Enter to skip these).
Grant Sudo Privileges
Now give this user the ability to run commands as root:
usermod -aG sudo wollyThe -aG flags mean “append to group” — we’re adding the user to the sudo group, which grants them administrator privileges.
How to Use Sudo
When you need to run a command as root, prefix it with sudo:
sudo apt update
sudo systemctl restart nginxYou’ll be prompted for your regular user’s password, not the root password. This is an intentional friction point — sudo makes you consciously confirm that you mean to run a privileged command.
Test Your New User
First, set a password for the new user:
passwd wollyThen, in a new terminal window, test that you can log in with the new user:
ssh wolly@your-vps-ip-addressYou should log in successfully. From now on, use this account for all daily work.
Step 6: Set Up SSH Keys and Disable Password Login
Passwords are decent security, but SSH keys are significantly stronger. SSH keys are a pair of cryptographic files — a private key stays on your computer, a public key goes on the server. Logging in with keys means no password for hackers to guess or intercept.
Generate an SSH Key Pair
On your local computer (not the server), open Terminal or PowerShell and run:
ssh-keygen -t ed25519 -C "[email protected]"The -t ed25519 flag specifies the key type (modern and secure). The -C flag adds a comment — typically your email so you can identify the key later.
When prompted, press Enter to accept the default file location. You’ll be asked for a passphrase — enter something memorable. This adds a second layer of security.
Copy Your Public Key to the Server
ssh-copy-id wolly@your-vps-ip-addressEnter your regular user’s password when prompted. Your public key will be installed in ~/.ssh/authorized_keys on the server.
Test Key-Based Login
ssh wolly@your-vps-ip-addressIf you set a passphrase, enter it. If you left it empty, you should log in directly without any password. Success means your key is working.
Disable Password Authentication
Now that key-based login works, disable password authentication so your server can only be accessed with your private key:
sudo nano /etc/ssh/sshd_configFind and modify these two lines:
PermitRootLogin no
PasswordAuthentication noSave the file (Ctrl+X, then Y, then Enter).
Restart the SSH daemon to apply changes:
sudo systemctl restart sshd⚠️ Test Before You Log Out: Before logging out of your current session, open a new terminal window and verify you can still log in with your SSH key. If it doesn’t work, don’t close this window — go back and check your configuration.
If you get locked out, use the provider’s KVM console to connect and fix /etc/ssh/sshd_config.
Step 7: Configure UFW Firewall
UFW (Uncomplicated Firewall) comes pre-installed on Ubuntu. It blocks unexpected incoming connections while letting legitimate traffic through. Think of it as a bouncer at a club — it decides who gets in and who doesn’t.
Allow SSH Before Enabling the Firewall
Critical: If you enable the firewall before allowing SSH, you’ll lock yourself out of your server. The order matters here.
sudo ufw allow OpenSSHThis opens port 22 (SSH) to incoming connections.
Allow Web Traffic
Allow both HTTP (port 80) and HTTPS (port 443):
sudo ufw allow 'Nginx Full'If you’re using Apache instead of Nginx, use:
sudo ufw allow 'Apache Full'Enable the Firewall
sudo ufw enableYou’ll be asked to confirm. Type y and press Enter.
Check Firewall Status
sudo ufw status verboseYou should see that OpenSSH and Nginx Full are allowed, everything else is denied by default.
What just happened: Your server now silently drops any incoming connection that isn’t SSH, HTTP, or HTTPS. Port scanners and automated attacks will hit a wall.
Common UFW Commands
| Command | What It Does |
|---|---|
sudo ufw status | Check current firewall rules |
sudo ufw allow 8080 | Open a custom port |
sudo ufw deny 3306 | Block MySQL port (usually only accept from local) |
sudo ufw disable | Turn off the firewall (rarely needed) |
sudo ufw reset | Reset to defaults (start over) |
Step 8: Install the LAMP Stack
LAMP stands for Linux, Apache/Nginx, MySQL, and PHP — the four software components that work together to serve web pages. Ubuntu is the Linux, Nginx is the web server, MySQL is the database, and PHP is the programming language that WordPress runs on.
We already handled Linux (that’s the OS we’re on). Now we install the other three.
Install Nginx
sudo apt update
sudo apt install nginx -yStart and enable Nginx:
sudo systemctl enable nginx
sudo systemctl start nginxVerify Nginx is running:
nginx -vNow visit http://your-vps-ip in your browser. You should see the Nginx welcome page. If you see this, Nginx is working.
Install MySQL
sudo apt install mysql-server -yRun the secure installation script:
sudo mysql_secure_installationAnswer the prompts as follows:
- VALIDATE PASSWORD PLUGIN: Press
yto enable, then choose strength level 0 (lowest, for development) or 1 (medium) - New password: Enter a strong MySQL root password and confirm
- Remove anonymous users?:
y - Disallow root login remotely?:
y - Remove test database and access to it?:
y - Reload privilege tables?:
y
Verify MySQL is running:
mysql --versionInstall PHP
sudo apt install php-fpm php-mysql php-curl php-gd php-mbstring php-xml php-xmlrpc -yVerify PHP is installed:
php -vYou should see PHP 8.1 or newer.
Verify Everything Works Together
Create a quick PHP test file:
echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.phpVisit http://your-vps-ip/info.php in your browser. You should see a PHP information page. Delete this test file after confirming it works:
sudo rm /var/www/html/info.phpYour LAMP stack is now fully installed and running.
Step 9: Install WordPress (Optional)
If you’re setting up a WordPress site on your VPS, here’s how to do it. If you’re installing something else, skip this section.
Download WordPress
cd /var/www/html
sudo wget https://wordpress.org/latest.tar.gz
sudo tar -xzf latest.tar.gz
sudo mv wordpress/* .
sudo rm -rf wordpress latest.tar.gzSet Permissions
WordPress needs to be able to write files:
sudo chown -R www-data:www-data /var/www/htmlThis makes the Nginx user (www-data) the owner of all files in the web directory.
Complete Setup via Browser
Visit http://your-vps-ip in your browser. WordPress will show its famous 5-minute installation wizard.
You’ll need your MySQL database credentials from Step 8:
- Database name:
wordpress - Username:
root - Password: the MySQL root password you set
- Database host:
localhost - Table prefix:
wp_(default)
Follow the on-screen prompts. Once done, log in to http://your-vps-ip/wp-admin — your WordPress site is live.
Step 10: Install Fail2Ban
Even with SSH keys and a strong firewall, your server will be scanned constantly. Fail2Ban automatically blocks IP addresses that fail to authenticate too many times.
Install Fail2Ban
sudo apt install fail2ban -yEnable and Start
sudo systemctl enable fail2ban
sudo systemctl start fail2banVerify It’s Running
sudo systemctl status fail2banYou should see “active (running)” in green.
What Fail2Ban Does
By default, Fail2Ban monitors SSH login attempts. If an IP address fails to authenticate 5 times within 10 minutes, Fail2Ban bans it for 10 minutes. This doesn’t require any configuration — the defaults are sensible. Fail2Ban runs silently in the background and will block automated attack attempts without any ongoing attention.
Step 11: Set Up a Swap File
If your VPS has 2GB of RAM or less, a swap file is essential. Swap is disk space your server uses as virtual memory when physical RAM runs out.
Check If You Already Have Swap
sudo swapon --showIf the output is empty, you don’t have swap configured yet.
Create the Swap File
sudo fallocate -l 2G /swapfileThis creates a 2GB swap file.
Configure Swap Permissions
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfileMake Swap Permanent
Add the swap file to /etc/fstab so it activates after every reboot:
echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstabVerify Swap Is Active
sudo swapon --show
free -hWhen to use more swap: If you’re running into out-of-memory errors frequently, you either need a VPS with more RAM or to add more swap space. 2GB is usually sufficient for a light WordPress site.
Keep Your Server Updated
Keeping your server updated is ongoing maintenance. Security vulnerabilities are discovered regularly — updating patches them.
Manual Updates
Run this regularly (weekly is a good rhythm):
sudo apt update && sudo apt upgrade -yAutomatic Security Updates
For servers you don’t want to log into weekly, set up unattended security updates:
sudo apt install unattended-upgrades -y
sudo dpkg-reconfigure unattended-upgradesSelect “Yes” to enable automatic updates. Ubuntu will now automatically install security patches in the background without interrupting your server.
FAQ: Common Questions
How long does the full setup take?
Plan for 45-90 minutes for a first-time setup. Steps 1-8 (buying VPS, SSH, security) take about 30 minutes. The LAMP stack installation takes another 15-30 minutes. Subsequent VPS setups take about 20 minutes.
Can I use a different Linux distribution instead of Ubuntu?
Yes, the concepts are the same across distributions, but the specific commands differ. Debian is most similar to Ubuntu. Fedora uses dnf instead of apt. CentOS/AlmaLinux uses yum/dnf and has different firewall defaults.
What if I lock myself out via SSH?
Use your VPS provider’s KVM console or VNC. Connect through the provider’s dashboard as if you had a monitor plugged directly into the server. From there, you can edit /etc/ssh/sshd_config to re-enable password authentication and recover access.
Do I need a static IP address?
Yes, your VPS needs a static IP. All major VPS providers assign a static IP by default. If your VPS IP changes unexpectedly, update your DNS A record immediately.
Can I host multiple websites on one VPS?
Yes. You can host multiple domains and websites on a single VPS by setting up Nginx server blocks (virtual hosts). Each domain gets its own configuration file and document root.
What’s the difference between shared hosting and VPS?
| Shared Hosting | VPS | |
|---|---|---|
| Resources | Shared with 100s of other sites | Your dedicated slice of CPU/RAM/disk |
| Control | Limited by host | Full root access |
| Performance | Depends on neighbors | Consistent and dedicated |
| Cost | $2-10/mo | $6.49+/mo |
| Skill required | None | Basic command line |
Is Ubuntu 22.04 still supported in 2026?
Yes. Ubuntu 22.04 LTS receives security updates until April 2027. You don’t need to upgrade yet — and shouldn’t on a production server without good reason.
Take the Next Step
Your server is now set up, secured, and running. You have a live VPS that you fully control — ready for WordPress, a custom web app, or whatever you choose to build.
Hostinger’s VPS plans start at $6.49/mo with KVM console access included — the safety net that lets you recover from any mistake. If you’re ready to get started, here’s what to do next:
- Choose a VPS plan (2GB RAM minimum for WordPress)
- Set up your server using this guide
- Install WordPress or your preferred application
Disclosure: Some links on this page are affiliate links. If you purchase through them, I may earn a commission at no extra cost to you. This helps support my testing and reviews.