The default port Webmin & Virtualmin listen to is port 10000. Many security professionals believe that changing the default ports of well-known services (e.g. SSH at port 22) to a different port does nothing to make the server more secure.
In a way, they are correct, but nevertheless, there are many benefits of changing the default ports of the well-known “admin” services – such as Webmin/Virtualmin and sshd. The most important benefit is that it discourages automated scanners – usually run by script kiddies looking for systems to exploit. These automated scripts will usually “move on” to another target if the known-ports are closed, e.g. if port 10000 is closed (i.e. Virtualmin listening at a different port, say, 10101), the automated script will then go on to another target in the list.
This saves resources on your server because usually, these automated scripts will follow up with a password cracker/brute-force attack to try to guess the passwords if it finds the port 10000 open (i.e. Webmin/Virtualmin is running on that port). This cause un-necessary stress on the server. Furthermore, if the administrator’s password is weak, there is a high probability that the brute-force password attack may work.
So, for those reasons, I would say, take a couple of minutes to change the default port of your Webmin/Virtualmin server.