How to secure remote desktop
If your Remote Desktop (RDP) server is being targeted by automated login attempts (brute force attacks), your Windows user account may get temporarily locked due to too many failed login attempts.
Brute force bots try to guess your RDP password. After several failed attempts, Windows will temporarily lock the user account for about 15 minutes. This can prevent even you from logging in—even with the correct password.
You can stop these attacks by applying a firewall preset that blocks all RDP access except from your own IP address.
Go to the Royale Hosting Shield Manager firewall rules page:
https://shield.royalehosting.net/firewall/rules
Navigate to the Edge Rules section.
Click "New Preset".
Select the IP of your VPS/server.
(Optional) Add a note, like “Block RDP brute force”.
From the preset dropdown, choose "Block RDP Access".
In the allowed IP list, enter your own IPv4 address.
You can find your IP address by visiting: https://whatismyipaddress.com
Do not use your IPv6 address if you connect to your server using IPv4.
Save the preset.
This will block RDP access from all IPs except yours, effectively stopping brute force attempts.
If your user account is already locked, it will automatically unlock after about 15 minutes.
In the meantime, you can still access the server using the console.
If you need help, don’t hesitate to reach out to our support team.
What’s Going On?
Brute force bots try to guess your RDP password. After several failed attempts, Windows will temporarily lock the user account for about 15 minutes. This can prevent even you from logging in—even with the correct password.
How to Fix and Prevent It
You can stop these attacks by applying a firewall preset that blocks all RDP access except from your own IP address.
Step 1: Open the Shield Manager
Go to the Royale Hosting Shield Manager firewall rules page:
https://shield.royalehosting.net/firewall/rules
Navigate to the Edge Rules section.
Step 2: Create a New Preset
Click "New Preset".
Select the IP of your VPS/server.
(Optional) Add a note, like “Block RDP brute force”.
From the preset dropdown, choose "Block RDP Access".
In the allowed IP list, enter your own IPv4 address.
You can find your IP address by visiting: https://whatismyipaddress.com
Do not use your IPv6 address if you connect to your server using IPv4.
Save the preset.
This will block RDP access from all IPs except yours, effectively stopping brute force attempts.
Step 3: Already Locked Out?
If your user account is already locked, it will automatically unlock after about 15 minutes.
In the meantime, you can still access the server using the console.
If you need help, don’t hesitate to reach out to our support team.
Updated on: 21/04/2025
Thank you!