Windows & RDP

Securing RDP with a non-standard port

← Back to Knowledge Base

Bots scan port 3389 constantly. Moving RDP to a custom port cuts brute-force attempts by more than 99%.

1. Pick a port

Choose something above 10000, for example 13389.

2. Update the registry

Open PowerShell as Administrator:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name PortNumber -Value 13389

3. Allow the new port in Windows Firewall

New-NetFirewallRule -DisplayName "RDP Custom" -Direction Inbound -Protocol TCP -LocalPort 13389 -Action Allow

4. Restart the RDP service

Restart-Service TermService -Force

Important: verify you can connect on the new port (YOUR_IP:13389) before closing your current session. Afterwards, remove the old firewall rule for port 3389.

Also consider enabling Network Level Authentication (enabled by default on our images) and setting an account lockout policy.

Still stuck?

Our engineers are available 24/7 and happy to help.

Open a Ticket