Alright everyone, thank you so much for your thoughtful recommendations! To sum it up, here’s what I have done:
- I used let’s encrypt’s Certbot to get my SSL certs and setup https, auto-renew every 3 months and I setup a reminder to update Certbot every month.
- I setup a permanent redirect from http to https in Apache
- I installed a firewall on the Pi, only 80, 443 and [22 from my computer to the RPi] are open. I couldn’t find the firewall settings on my router but I assume they exist since I had to forward 80 and 443 there.
- installed the following plugins: WordFence and WP Fail2Ban
- changed the user password on the pi to a better longer one
I think I should be all set, shouldn’t I?
Maybe the “let me fuck shit up and shoot up my high-school” crowd doesn’t really care about being remembered as heroes but what would I know.