Be sure to use a passphrase

And why exactly is that more secure?

Welcome to the internet! Your system will get probed. Make sure you run as little as possible services on open ports and only high quality ones such as OpenSSH. Don’t freak out because of your logs. You’re fine as long as your system is up to date and password login disabled! Don’t listen to the fail2ban or VPN crowd. Those are only snake oil.

A VPN is probably just as (in)secure as OpenSSH. There is no gain in complicating things. OpenSSH is probably one of the most well tested code for security around.

Public ssh is completely fine as long as you use key based auth only and keep your sshd up to date. Stop spreading bullshit.

Cookie banners are not mandated by GDPR. It’s an unrelated piece of law.

Welcome to the internet. You will be probed. Just as your immune system, or rather your body, is being probed.

Just don’t run broken software. The attackers will not be able to exploit you then. If they have zero day exploits, the WAF will most of the time not save you since they are often pretty easy to circumvent. WAFs are only effective against old and shitty exploits that should be patched anyways since ages.

Wafs don’t make you safer but create unnecessary attack surface. Just keep your machine and services up to date.