Alright everyone, thank you so much for your thoughtful recommendations! To sum it up, here’s what I have done:

• I used let’s encrypt’s Certbot to get my SSL certs and setup https, auto-renew every 3 months and I setup a reminder to update Certbot every month.
• I setup a permanent redirect from http to https in Apache
• I installed a firewall on the Pi, only 80, 443 and [22 from my computer to the RPi] are open. I couldn’t find the firewall settings on my router but I assume they exist since I had to forward 80 and 443 there.
• installed the following plugins: WordFence and WP Fail2Ban
• changed the user password on the pi to a better longer one

I think I should be all set, shouldn’t I?

Sweet thanks! Will add that ASAP

Noted ! I’ll make sure to set https up.

Tbh, I haven’t heard the word firewall since probably 2005… would my router have a firewall built in or is that something I need to add on, let’s say, the RPi ?

What does WordFence provide that makes it a must have?

Wow lots of info. I’ll check all of this out. You have a good point that I don’t need wordpress. Hugo looks interesting, thanks for the advice!

And yes, as said above, I’ll look into the free SSL certs to setup https.

Your first point is a good point. I guess it’s ok for now if my rough location is accessible. It’s not like my art is worth anything.

Regarding upload speed, yeah I know it could become an issue but since it’s just a portfolio website, I don’t expect more than a dozen visits a month.

Thanks, I’ll look into it. I didn’t know there were free SSL certs out there