Additionally you can use Tailscale for added convenience. Tailscale is a payed service, for a simple home server you can get away with the free plan and their mobile apps work rather well.
Not affiliated with Tailscale at all just shouting them out because they do make things very easy and I often recommend them to hobbyist.
Because wireguard is UDP and only responds to valid requests, there isn't any open port from the outside. Not even ssh.