DirectAdmin VPS Setup Guide

Install, Configure, and Run a DirectAdmin VPS
enable security txt rfc9116 on a directadmin vps

Enable Security.txt (RFC 9116) on a DirectAdmin VPS

Written by
Jeffrey Thomas Baygents
documenting DirectAdmin VPS and self‑managed hosting systems.
Published: January 23, 2026
Updated: January 23, 2026
Comments: 0

This checklist enables security.txt (RFC 9116) on a DirectAdmin VPS. This is a one‑time, server‑level configuration that applies to the DirectAdmin user framework and automatically extends to all current and future domains.

Although this step is often performed after initial domain and mail setup, it only requires the Account Domain to be in place and can be applied at any time thereafter. Administrators are rarely “finished” adding or modifying domains, and enabling security.txt early ensures consistent disclosure coverage without waiting for domain work to be complete.

Scope and sequencing

  • Performed once per DirectAdmin VPS.
  • Automatically extends to all current and future domains.
  • Requires DirectAdmin admin‑level access.

If domain DNS, SSL, or mail authentication is still in progress, stop and complete those steps first.

Enable security.txt for DirectAdmin users

  1. Log in to DirectAdmin as admin.
  2. Navigate to Account Manager → My Users.
  3. On the right pane, click Modify Your Own User Data.
  4. Under Change Package, set the package to the appropriate user package.
    • This ensures the setting applies only to that user package.
    • On single‑user‑package licenses, this option is disabled by design.
  5. Under Change IP, set the IP to the applicable server package.
    • This ensures the setting applies to the licensed server.
    • On single‑server licenses, this option is disabled by design.
  6. Scroll to the Manually Change Settings section.
  7. Set Automatic security.txt (RFC 9116) to Enabled.
  8. Click Save.

Verify security.txt status

  1. From DirectAdmin, go to Server Manager → Security.txt Report.
  2. Confirm all domains show valid status (green check marks).

Validation is applied per domain and typically completes within 1–3 minutes per domain.

Public availability confirmation

The security.txt file is publicly accessible on every hosted domain at:

  • https://<any-domain>/.well-known/security.txt

Operational notes

  • No per‑domain configuration is required.
  • No application‑level files are created or managed.
  • Future domains inherit this automatically.

Next step:
• Install Softaculous (optionally)
• If not done yet, create VPS System Backup (one-time safety checkpoint)
• If additional domains are planned, continue with adding another domain to the DirectAdmin VPS.
• Otherwise, transition into Maintenance & Operations for ongoing server management.

Leave the first comment

This site is protected by reCAPTCHA and the Google Google Privacy Policy and Google Terms of Service apply.

© 1996-2026 Jeffrey Thomas Baygents. All rights reserved.