These are a few measures you can take to maintain and secure your server. Many of these features are already handled automatically (iptables/web ui password), while some require the server to have booted for the first time (MySQL password, hosting websites).
MySQL root password
The MySQL password is not set by default (blank), and can only be set when the MySQL daemon is running (upon first boot). Instructions to secure or disable MySQL
Changing the web-ui password
You can change the web-ui password at any time.
Using RSA-key to log into SSH/SFTP
For additional security, or to employ password-free SSH/SFTP logins, you may opt to generate a public/private RSA-key pair for puTTy/SFTP.
iptables filters inbound and outbound traffic by a sequence of rules. These rules are to prevent undesired traffic from being responded to, helping defend against DOS attacks and to prevent unauthorized access (such as permitting SSH connections only from an IP address/range).
Minecraft related cron-jobs can be managed from the web-ui, such as backup, archiving, mapping, as well as [onreboot] restoring and server starting. For any other tasks, you will need to create a cron script yourself. For your benefit, creating crontabs has been greatly simplified.
Hosting a Website
The most common web-language on Linux servers is PHP. With Hiawatha webserver and PHP, you can easily host forums, image galleries, and countless other website features to your server. Provided are instructions to enable PHP.