Why You Should Change the Default RDP Port (3389) on Windows Server
Port 3389 is the default port used by the Remote Desktop Protocol (RDP) on all modern versions of Windows for remote access.
If Remote Desktop is enabled, the system will listen for incoming connections on this port. Because the port is widely known, it is a common target for automated attacks, such as bots and brute-force scripts that scan public servers.
Risks of Using Default Port 3389
- Brute-force attacks: without an account lockout policy, attackers can endlessly guess passwords until they gain access.
- Account lockouts: where a lockout policy is in place, repeated failed attempts can lock out legitimate accounts, causing service disruption.
- Performance impact: repeated login attempts consume CPU and may lead to denial-of-service (DoS) conditions.
During an active brute-force attack, you may observe multiple Event ID 4625 (failed logon) entries in the Windows Event Viewer.
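To see whether those 4625 entries form a brute-force pattern, the following added example (not part of the original article) groups recent failed logons by source address. The one-hour window and the threshold of 20 failures are assumed values to tune for your server.

```powershell
# Added example: summarize failed logons (Event ID 4625) by source address.
# Run in an elevated PowerShell session; reading the Security log requires it.
# $WindowHours and $Threshold are assumed values, tune them for your server.
$WindowHours = 1
$Threshold   = 20

$filter = @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = (Get-Date).AddHours(-$WindowHours)
}

# Get-WinEvent raises an error when nothing matches, so suppress it and
# treat "no events" as an empty result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$failures = foreach ($e in $events) {
    # Named fields live in the event XML under EventData/Data.
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    # Logon type 10 = RemoteInteractive (RDP). With Network Level
    # Authentication, failed RDP logons are recorded as type 3 (Network),
    # which also covers other network logons such as file shares.
    if ($data['LogonType'] -in '3', '10') {
        [pscustomobject]@{
            Time   = $e.TimeCreated
            Source = $data['IpAddress']
            User   = $data['TargetUserName']
        }
    }
}

# Report only sources at or above the threshold, busiest first.
$failures |
    Group-Object Source |
    Where-Object Count -ge $Threshold |
    Sort-Object Count -Descending |
    ForEach-Object {
        [pscustomobject]@{
            Source    = $_.Name
            Failures  = $_.Count
            Usernames = ($_.Group.User | Sort-Object -Unique).Count
            First     = ($_.Group.Time | Measure-Object -Minimum).Minimum
            Last      = ($_.Group.Time | Measure-Object -Maximum).Maximum
        }
    } |
    Format-Table -AutoSize
```

A source with many failures spread across many distinct usernames is typical of automated guessing; a single username with a handful of failures is more often a user mistyping a password.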
How to Secure RDP: Change the Default Port
One of the easiest ways to reduce automated attacks is by changing the default RDP port.
1. Open the Registry Editor
Run regedit