Encrypt the wallet. Do not allow anyone else to access the VPS. If you can, you should put an IP whitelist so that only your ip address can access the VPS.
The white list IP is pretty important. But if your computer get's compromised and it's on that IP... can lead to bad things. If you throw a VPS up it is really a hot wallet as it's connected to internet full time, that does not excite me on wallet.
Is there any reason you have to use a hot wallet? I guess what is project?
White list IP's? There are ways around that. Slightly time taking, but easily scriptable. If I were facing a server with such a feature, I would create a script to try pinging the server with spoofed IP's, through the whole range. As soon as I see it respond to my ping, I'll find the IP that works and continue my attack.
The best idea would be to keep the wallet offline, completely offline. And even THATS not 100% secure. There are too many exploits, 0days etc in the wild to be hosting Bitcoin wallet files on a device that is connected to the Internet.
If you insist on a hot-wallet, use strong encryption. Never store the password online. Don't write it down, if you do, write it and immediately hide the piece of paper somewhere. Also, have multiple copies of the wallet. So as soon as an attack occurs, you at least have an opportunity to move funds to another address before the attacker.
Good luck!