In the following I shortly describe the procedure to harden a vanilla FreeBSD server. This is basically about securing SSH and setting up PF (firewall) to protect against possible intruders.
pkg install sudo vim tmux git mosh sshguard-pf
# File: /etc/ssh/sshd_config PermitRootLogin no AuthenticationMethods publickey,keyboard-interactive
# File: /etc/rc.conf pf_enable="YES" sshguard_enable="YES"
# File: /etc/pf.conf pf_enable="YES" sshguard_enable="YES"