Security Checklist for new site

Hi, first post here. I set up Mautic on DO using wget + unzip. It seems to be working well.

My question is about whether there are any guides or checklists to secure my setup? I noticed in the configuration that the default spool, log, etc directories are under web root so viewable online unless I move them.

This is easily done - I just want to ensure I don’t miss anything important. If it’s just the stuff under the configuration screen, then that shouldn’t be a problem.