This is great advice. I will simply add one more thing (and two bonuses):
4. Disable password authentication for SSH and use a public/private key. Of course, use a good password on the private key.
5. (bonus) Keep the installed software to the bare minimum. Less software, fewer bugs.
6. (extra bonus) Look at Apache's mod_security; it's an application-level firewall (it filters requests to the application, so, for example, you can filter SQL injections or invalid characters before they reach your app).
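A way to check that item 4 actually took effect, as an added example that is not part of the original comment. The function names are hypothetical; the script assumes whitespace-separated `keyword value` lines, reads only the global section (it stops at the first `Match` block), does not follow `Include`, and uses upstream OpenSSH defaults.

```shell
#!/bin/sh
# sshd keeps the FIRST value it reads for a keyword (keywords are
# case-insensitive). Print that value, or DEFAULT if the keyword is unset.
sshd_effective() {  # usage: sshd_effective FILE DEFAULT KEYWORD [ALIAS...]
    file=$1; def=$2; shift 2
    awk -v keys="$*" -v def="$def" '
        BEGIN { n = split(tolower(keys), k, " "); for (i = 1; i <= n; i++) want[k[i]] = 1 }
        /^[ \t]*#/ { next }                      # commented-out lines have no effect
        tolower($1) == "match" { exit }          # assumption: global section only
        (tolower($1) in want) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$file"
}

# Returns 0 only when every password path is off and public keys are on.
audit_sshd() {  # usage: audit_sshd FILE
    rc=0
    [ "$(sshd_effective "$1" yes PasswordAuthentication)" = no ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; rc=1; }
    # keyboard-interactive can still prompt for a password through PAM
    [ "$(sshd_effective "$1" yes KbdInteractiveAuthentication ChallengeResponseAuthentication)" = no ] ||
        { echo "FAIL: keyboard-interactive authentication is not 'no'"; rc=1; }
    [ "$(sshd_effective "$1" yes PubkeyAuthentication)" = yes ] ||
        { echo "FAIL: PubkeyAuthentication is not 'yes'"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key-only login"
    return "$rc"
}

# Constructed sample: the later "no" is ignored because the first value wins,
# and the commented-out line leaves keyboard-interactive at its default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PasswordAuthentication yes
PubkeyAuthentication yes
#KbdInteractiveAuthentication no
PasswordAuthentication no
EOF
audit_sshd "$sample" || true
rm -f "$sample"
```

On a live host, `sshd -T` prints the configuration the daemon actually resolved, including distribution defaults and `Include` files, and is the authoritative check.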