VPS Security Setup

I a new to VPS. Can anyone confirm if these measures are enough for a basic 100-users commercial application?

  1. Disable all ports except 22, 80, and 443
  2. Disable root login via SSH (create and give another user sudo access)
  3. Change SSH default port from 22 to something else
  4. Disable IPv6 (if not used)
  5. Change passwords regularly

What else can be done to enhance the security?