First, let me just say that I'm tech savvy, but I'm self taught for the most part. I never studied cybersecurity or network security. I know the basics, but not the nitty-gritty.

I used to host my own Anytype Server (note taking app) on my raspberry pi. To do this, the documentation says that I need to open two ports, one TCP and another UDP. So that's what I did, and had it set up this way for a while now.

Yesterday though, my raspberry's microSD died. So while I wait for the new one to arrive, I'm taking the chance to review my home network settings.

I closed off a third port that I had for my synology server (for the OpenVPN). I am now using Wireguard (with Tailscale) which doesn't require opening ports. And since my raspberry is offline, I also turned off the other two ports (as of now, I have none opened)

So here's the thing: I remember from my searching that a lot of people are strongly averse to opening ports. Iirc, the basic idea is that if a bad actor knows my home IP and which ports are open, they can enter. So, in theory, a hacker could potentially infiltrate my raspberry pi - and from there potentially wreak havoc in my other devices.

So my questions are:
1- Is it really like that? Could a hacker gain unlimited access to my raspberry via an opened port?
2- If yes, is there something that I can do to strengthen my raspberry pi security?
3- Am I being overly paranoid by worrying about this, even if it’s theoretically possible?