In reply to: https://twit.social/users/Auli/statuses/116171273194785070
Because if my router factory resets, the ports are closed
The more open ports, the larger the attack surface.
That’s all.
And today with the script kiddies out there, port scans happen all the time.
I’ve had a consumer router become almost useless from all the attempted connections on an open port someone found that I had up for a week.
Months later I’d still get hits on that port though it had been closed.
Your router doesn’t save your configuration? Port forwarding settings should not be affected by a router reset.
There are ~50,000-60,000+ available IP ports. If you had WireGuard configured correctly and running on every single one of them, a port scanner would get exactly the same result as if every port was closed. WireGuard is completely silent unless the correct key is provided.
The “script kiddies” could scan every port for months and they’d get the same result. There is no known way to even know there’s an open port, much less know that WireGuard is running on it AND have the correct key for access.
I understand being gun-shy after your experience (I would be too), but that experience has nothing to do with opening a port for WireGuard.
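Added illustration, not part of the thread: a Python sketch of the first check a WireGuard responder applies to an incoming handshake initiation (the `mac1` field, keyed from the server's public key), which is why an unauthenticated probe gets no reply. The function names and sample keys are constructed for this example; the message layout and the `mac1----` label follow the published WireGuard protocol description.

```python
import hashlib
import hmac
import os

LABEL_MAC1 = b"mac1----"            # label from the WireGuard protocol description
INIT_TYPE = b"\x01\x00\x00\x00"     # message type 1 plus three reserved zero bytes
INIT_LEN = 148                      # total size of a handshake initiation
MAC1_OFFSET = 116                   # mac1 covers bytes [0:116], then mac1(16) + mac2(16)


def mac1(responder_pub: bytes, covered: bytes) -> bytes:
    """Keyed BLAKE2s-128 over the message, key = BLAKE2s-256(label || responder public key)."""
    key = hashlib.blake2s(LABEL_MAC1 + responder_pub).digest()
    return hashlib.blake2s(covered, key=key, digest_size=16).digest()


def build_initiation(responder_pub: bytes) -> bytes:
    """Constructed sample: random filler stands in for the encrypted fields; only mac1 is real."""
    covered = INIT_TYPE + os.urandom(MAC1_OFFSET - len(INIT_TYPE))
    return covered + mac1(responder_pub, covered) + bytes(16)


def passes_first_gate(own_pub: bytes, datagram: bytes) -> bool:
    """True if the datagram would be looked at further; False means it is dropped silently.

    Passing this gate is not access: the real responder replies only after the
    rest of the handshake proves the sender holds a configured peer's private key.
    """
    if len(datagram) != INIT_LEN or datagram[:4] != INIT_TYPE:
        return False
    expected = mac1(own_pub, datagram[:MAC1_OFFSET])
    return hmac.compare_digest(expected, datagram[MAC1_OFFSET:MAC1_OFFSET + 16])


if __name__ == "__main__":
    server_pub = bytes(range(32))   # constructed key, not a real peer
    probes = {
        "empty UDP probe": b"",
        "right shape, no knowledge of server key": INIT_TYPE + bytes(144),
        "initiation built for a different server": build_initiation(bytes(32)),
        "initiation built for this server": build_initiation(server_pub),
    }
    for name, pkt in probes.items():
        print(f"{name}: {'processed further' if passes_first_gate(server_pub, pkt) else 'no reply'}")
```
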