>> a non-standard port for SSH
This is very first thing I've done on every server or VPS I've spun up in the past couple of years. Makes a huge difference. The first time I switched off of port 22 for SSH I went from almost 10,000 attempted logins on port 22 on one day to 0 on the new port the next day.
Also really like CSF as a firewall setup tool.