This document covers only a basic setup, enough to get started securing the server and the site.
I give, of course, no guarantees for anything; everything is hackable.
Install iptables
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewal...
and fail2ban
https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with...
https://www.digitalocean.com/community/tutorials/how-to-protect-an-apach...
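For Drupal 7, run the following in the web-root folder (the static robots.txt is removed because the robotstxt module serves robots.txt itself):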
drush7 pm-enable path2ban fail2ban spiderslap robotstxt
rm robots.txt
Add two-factor authentication for SSH, in addition to passwords and/or SSH key files
http://messageswitch.com works perfectly for SSH
For Drupal, add reCAPTCHA:
drush7 pm-enable recaptcha
For Drupal, add two-factor authentication:
drush7 pm-enable tfa tfa_basic
For Drupal, add honeypot