In case you’re going with a manual LAMP install: [Link]
Then I advise securing your server by enabling the firewall and installing Fail2Ban. It’s not a bad idea to change the default SSH port to something else, because you’ll already see a lot of brute-force attempts a few hours after setting up the droplet.
Additional steps: [Link]
Fail2Ban: [Link]
If you don’t intend to fiddle with your droplet after setting it up, it’s also a nice idea to enable automatic security updates: [Link] (scroll to the bottom of the post)
P.S.: My only issue with Fail2Ban is that it stopped working after the logs rotated—happens every week by default, I think. I may have managed to fix it in my droplet, but I’m not entirely sure yet. Meanwhile, keep an eye on your logs to make sure it works.
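
One way to automate the "keep an eye on your logs" check from the post above, as an added example that is not part of the original post: it flags IPs with repeated failed SSH logins that never got a Fail2Ban ban, which is the symptom of Fail2Ban silently stopping after log rotation. The log lines are constructed samples; the threshold of 5 and the function name are assumptions, and the check ignores Fail2Ban's time window for simplicity.

```python
import re
from collections import Counter

# sshd failure line, e.g. "... sshd[123]: Failed password for root from 1.2.3.4 port 22 ssh2"
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) "
)
# Fail2Ban ban line for the sshd jail; "Unban" lines do not match this pattern.
BAN = re.compile(r"fail2ban\.actions\s*\[\d+\]: NOTICE\s+\[sshd\] Ban (\S+)")


def unbanned_offenders(auth_text, f2b_text, maxretry=5):
    """Return {ip: failures} for IPs with >= maxretry failed logins and no ban.

    maxretry=5 is an assumed threshold; set it to the value in your jail config.
    """
    failures = Counter(m.group(1) for m in FAILED.finditer(auth_text))
    banned = {m.group(1) for m in BAN.finditer(f2b_text)}
    return {ip: n for ip, n in failures.items()
            if n >= maxretry and ip not in banned}


def _fail(ip, n):
    # Build n constructed sshd failure lines for one source IP.
    return [
        f"Mar 10 06:2{i}:01 droplet sshd[10{i}]: "
        f"Failed password for root from {ip} port 4000{i} ssh2"
        for i in range(n)
    ]


# Constructed sample data (documentation IP ranges, not from a real server).
AUTH_LOG = "\n".join(
    _fail("203.0.113.5", 5) + _fail("198.51.100.7", 6) + _fail("192.0.2.9", 2)
)
F2B_LOG = (
    "2024-03-10 06:26:10,123 fail2ban.actions        [812]: "
    "NOTICE  [sshd] Ban 203.0.113.5"
)

if __name__ == "__main__":
    for ip, n in unbanned_offenders(AUTH_LOG, F2B_LOG).items():
        print(f"WARNING: {ip} had {n} failed logins but was never banned")
```

On a Debian or Ubuntu droplet the inputs would typically be the contents of `/var/log/auth.log` and `/var/log/fail2ban.log` (default paths, assumed here); any output after a rotation means the jail is no longer reading the current log.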