Home / Blog

How to change default RDP (Remote Desktop Connection) port in Windows Server

Tutorial

By default, Windows VPS uses port 3389 for Remote Desktop Protocol (RDP).

The problem?

🚨 Port 3389 is the most scanned port on the internet.

Changing your RDP port significantly reduces automated attacks and login attempts.

In this guide, you’ll learn:

  • Why you should change RDP port

  • How to change it safely

  • How to configure Windows Firewall

  • How to connect after changing

  • Troubleshooting tips

πŸ” Why Change the Default RDP Port?

Default RDP port: 3389

Bots scan this port 24/7.

Benefits of changing it:

βœ” Reduces brute-force attacks
βœ” Lowers event log spam
βœ” Adds extra security layer
βœ” Helps reduce support tickets

⚠ Important: Changing port does NOT replace strong passwords.

πŸ› οΈ Step 1 – Change RDP Port in Windows Registry

You must modify the Windows Registry.

Press:

Windows + R

Type:

regedit

Navigate to:

HKEY_LOCAL_MACHINE
β”” System
β”” CurrentControlSet
β”” Control
β”” Terminal Server
β”” WinStations
β”” RDP-Tcp

Find:

PortNumber

Double click it.

Change Base to:
βœ” Decimal

Enter new port number.

Example:

55900

Click OK

Close Registry Editor.

πŸ”₯ Step 2 – Create Windows Firewall Rule

If you skip this step, you will lock yourself out.

Open:

wf.msc

This opens Windows Defender Firewall with Advanced Security.

Create New Rule

  1. Click Inbound Rules

  2. Click New Rule

  3. Select Port

  4. Choose TCP

  5. Enter your new port (example 55900)

  6. Allow the connection

  7. Apply to Domain, Private, Public

  8. Name it:

Custom RDP Port 55900

Click Finish.

πŸ” Step 3 – Restart VPS

Restart your VPS from:

  • Windows Start Menu
    OR

  • Your hosting control panel

After reboot, RDP will run on new port.

πŸ–₯️ How to Connect Using New Port

In Remote Desktop:

Instead of entering:

123.123.123.123

Enter:

123.123.123.123:55900

Example:

185.12.34.56:55900

Click Connect.

Done βœ…

πŸ” Extra Security (Highly Recommended)

If you’re managing VPS infrastructure like you MVP, combine port change with:

βœ” Enable Network Level Authentication
βœ” Disable Administrator username
βœ” Create new admin account
βœ” Enable account lockout policy
βœ” Block port 3389 entirely in firewall
βœ” Enable brute force monitoring

❌ Troubleshooting

Locked Out After Changing Port?

Most common cause:

You forgot to create firewall rule.

Fix:

Use:

  • Hyper-V console

  • Proxmox console

  • VPS web console

Then create firewall rule properly.

Port Still Showing 3389?

Run:

netstat -an | find "LISTEN"

Check active port.

If still 3389:
Restart VPS again.

How to Completely Disable 3389?

In Firewall:

Create outbound rule:
Block TCP 3389

πŸ“ˆ Best RDP Port Numbers to Use

Avoid common ports like:

  • 8080

  • 8443

  • 2222

  • 21

  • 25

Choose random high port:

50000 – 60000

Example:

53892
55221

❓ FAQ Section

Is changing RDP port enough for security?

No. It reduces scanning but strong passwords + firewall are mandatory.

Can I change RDP port without registry?

No. It requires registry modification.

Does changing RDP port affect performance?

No.