DirectAdmin VPS Setup Guide

Install, Configure, and Run a DirectAdmin VPS
enable security txt rfc9116 on a directadmin vps

How to Enable security.txt on DirectAdmin VPS (RFC 9116)

Prepared by
Jeffrey Thomas Baygents
Lead Systems Engineer — DirectAdmin VPS & Self‑Managed Hosting

This checklist is how to enable security.txt on a DirectAdmin VPS (RFC 9116). This is a one‑time, server‑level configuration that applies to the DirectAdmin user framework and automatically extends to all current and future domains.

Although this step is often performed after initial domain and mail setup, it only requires the Account Domain to be in place and can be applied at any time thereafter. Administrators are rarely “finished” adding or modifying domains, and enabling security.txt early ensures consistent disclosure coverage without waiting for domain work to be complete.

Scope and sequencing

  • Performed once per DirectAdmin VPS.
  • Automatically extends to all current and future domains.
  • Requires DirectAdmin admin‑level access.

If domain DNS, SSL, or mail authentication is still in progress, stop and complete those steps first.

Enable security.txt for DirectAdmin users

  1. Log in to DirectAdmin as admin.
  2. Navigate to Account Manager → My Users.
  3. On the right pane, click Modify Your Own User Data.
  4. Under Change Package, set the package to the appropriate user package.
    • This ensures the setting applies only to that user package.
    • On single‑user‑package licenses, this option is disabled by design.
  5. Under Change IP, set the IP to the applicable server package.
    • This ensures the setting applies to the licensed server.
    • On single‑server licenses, this option is disabled by design.
  6. Scroll to the Manually Change Settings section.
  7. Set Automatic security.txt (RFC 9116) to Enabled.
  8. Click Save.

Verify security.txt status

  1. From DirectAdmin, go to Server Manager → Security.txt Report.
  2. Confirm all domains show valid status (green check marks).

Validation is applied per domain and typically completes within 1–3 minutes per domain.

Public availability confirmation

The security.txt file is publicly accessible on every hosted domain at:

  • https://<any-domain>/.well-known/security.txt

Operational notes

  • No per‑domain configuration is required.
  • No application‑level files are created or managed.
  • Future domains inherit this automatically.

Next Steps

Depending on what brought you here, you can easily return to that exact area on the page. Just, click any of these specific areas or checklist sections you recognize that led you here.

This site is protected by reCAPTCHA and the Google Google Privacy Policy and Google Terms of Service apply.

© 1996-2026 Jeffrey Thomas Baygents. All rights reserved.