mvp ok. Most of this will be focused around hardening of PHP / Apache, ensuring the existence of a decent WAF (Web Application Firewall) etc. There’s a fair amount of detail around these areas so it’s difficult to come up with a single guide.
However, there are already a number of guides around varying topics of security - even something as simple as securing the web server headers properly to prevent XSS attacks for example it’s a step often missed by most.