@Victor-Tagayun I don't know specific guides, this is more about experience with the services and reading man pages.
Notice that you want to embrace a lot right now, you may desperate in some point. Hang on there.

Remove console: The default web pages the Omega2 comes with are stored in some .../www directory, and the web server will have some info about the webpage to serve. All that may come in the docs, find them (you may encounter them while setting your own web) and then delete them, because if they are still up, someone from the internet could attack your Omega2 through the onion console. SSH no root login: ssh service must have a configuration file, for example in /etc/ssh.conf (I don't know if that is the file). Inside it, many parameters for the service, like the port to listen to, the possibility to login with name and password, if that login can be the user root, etc. The idea is that nobody can access as root from the internet, neither you, use serial to act as root. Also the web service shouldn't run as root, that's why you add another user, for example omega, with less privileges.

Search google topic by topic, "ssh non root login", "linux add new user", "web service firewall recommended configuration", etc.