http://qs321.pair.com?node_id=11100766


in reply to How to secure SQLite3 in Windows IIS CGI

The question is how do I best secure the database itself?

There is no universal answer since it depends on what you are securing the database from. (What is your threat model?)

Not serving the database file itself for everyone to download as a static file is a great first measure. But what is the password supposed to protect from? Other users on the same server? That should be handled by file ownership and permissions provided by the operating system. Hackers with access to files belonging to the web server? They would just read the password from the same place the web server reads it from to serve the database content.

Nevertheless, if you do have a use for database encryption and you don't have the budget for $2000 SEE, another option to consider is free SQLCipher.

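The two OS-level measures named in the reply above (keeping the database file out of the tree the web server serves statically, and relying on file ownership and permissions) can be checked with a short script. This is an added example, not code from the thread; the helper names `is_inside` and `db_exposure_issues`, the `wwwroot`/`appdata` layout and the `site.db` file name are assumptions made for illustration.

```perl
use strict;
use warnings;
use Cwd qw(abs_path);
use File::Spec;
use File::Path qw(make_path);
use File::Temp qw(tempdir);

# True when $path resolves (symlinks followed) to a location under $root.
sub is_inside {
    my ($path, $root) = @_;
    my ($p, $r) = (abs_path($path), abs_path($root));
    return 0 unless defined $p && defined $r;
    ($p, $r) = (lc $p, lc $r) if $^O eq 'MSWin32';    # NTFS names are case-insensitive
    my $rel = File::Spec->abs2rel($p, $r);
    return 0 if File::Spec->file_name_is_absolute($rel);    # different volume
    my ($first) = File::Spec->splitdir($rel);
    return $first ne File::Spec->updir() ? 1 : 0;
}
# Hypothetical helper: list the exposure problems found for one database file.
sub db_exposure_issues {
    my ($db, $docroot) = @_;
    return ('database file not found') unless -f $db;
    my @issues;
    push @issues, 'inside the web root: can be downloaded as a static file'
        if is_inside($db, $docroot);
    # stat() mode bits say nothing about NTFS ACLs; on Windows check them with icacls.
    if ($^O ne 'MSWin32') {
        my $mode = (stat $db)[2] & 07777;
        push @issues, sprintf('mode %04o grants access to other local users', $mode)
            if $mode & 0007;
    }
    return @issues;
}
# Constructed layout: one copy under the web root, one in a private directory.
my $base    = tempdir(CLEANUP => 1);
my $docroot = File::Spec->catdir($base, 'wwwroot');
my $private = File::Spec->catdir($base, 'appdata');
make_path(File::Spec->catdir($docroot, 'cgi-bin'), $private);
my %sample = (
    File::Spec->catfile($docroot, 'cgi-bin', 'site.db') => 0644,
    File::Spec->catfile($private, 'site.db')            => 0600,
);
for my $db (sort keys %sample) {
    open(my $fh, '>', $db) or die "$db: $!"; close $fh;
    chmod $sample{$db}, $db;
    my @issues = db_exposure_issues($db, $docroot);
    print "$db\n";
    print "  - $_\n" for @issues ? @issues : ('no issues found');
}
```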