You are on the right track. Putting your WordPress sites under the control of the LEMP (Linux, Engine X, MySQL and PHP) Stack, managing it all with Easy Engine and asking about how to secure your server, instead of just securing WordPress is a good place to start.
Question #1: What does security mean to you?
Question #2: To what extent will you go, to achieve that meaning?
Even satisfying your own meaning of “security” can be maddening, costly and time consuming.
- Start with the WordPress Codex itself: http://codex.wordpress.org/Hardening_WordPress
- Try this link at: http://bamajr.com/wordpress/basic-wordpress-security-recommendations/ from my website. Read the article. Then read additional information by following the links provided in that article.
Many, many opinions exist on how to harden (or secure) WordPress. My opinion is kind of a hybrid from many of the opinions provided by “those in the know” (I.E. WordPress, Sucuri & others), as well as the many years of experience I have in web development and server admin.
In the end, though, Mine is just another opinion. So take it for what it is