Hello. I’m pretty new here.
I just managed to get my Raspberry Pi setup at home to selfhost a simple website that will act as my portfolio for some art I do.
I’m using WordPress to make the content of the website, meaning it runs on Apache, MariaDB and MySQL in the background.
It’s connected via port 80 since I don’t want to pay for SSL certificates to setup https. There will be no accounts or transactions happening on my website.
I don’t have anything to manage my dynamic IP but I’ll figure that out later.
I’ve deleted the default Pi user on the RPi.
Are there security issues I should address preemptively?
I’m worried for instance that I am exposing my home network, making it easier for someone to breach into whatever is connected there.
Tbh, I haven’t heard the word firewall since probably 2005… would my router have a firewall built in or is that something I need to add on, let’s say, the RPi ?
Your router probably does have one, but your end devices should too. If your router is some piece of trash ISP-supplied one, it might not even have a firewall for IPv6 (if it even supports IPv6 at all).
I would add from an end-user privacy perspective, they might want HTTPS. If I hit a website not using HTTPS, I pretty much immediately back out. Bad actors like hostile governments and hackers can use seemingly meaningless data against you.
I can’t remember exactly what happened but I remember back when WebMD was fighting against rolling out TLS hackers were able to find medical weaknesses against people.
Not too mention the scary browser warnings. It's not a good look tbh if this is your portfolio. Lots of great considerations and tips here already though.