Hi Matt,
That's a very interesting site but its main objective, I quote, is:
"Here are some examples of the kinds of adversaries that may pose a threat to your digital privacy and security:
- U.S. government agents that follow laws which limit their activities
- U.S. government agents that are willing and able to operate without legal restrictions
- Foreign governments
- Civil litigants who have filed or intend to file a lawsuit against you
- Companies that store or otherwise have access to your data
- Individual employees who work for those companies
- Hackers or organized criminals who randomly break into your computer, or the computers of companies that store your data
- Hackers or organized criminals that specifically target your computer or the computers of the companies that store your data
- Stalkers, private investigators or other private parties who want to eavesdrop on your communications or obtain access to your machines
This guide focuses on defending against threats from the first adversary — government agents that follow the law — but the information herein should also provide some help in defending against the others." (My numbering and text in bold.)
But as a very unimportant woman who is not a US citizen and doesn't have "sensitive data", it's adverseries 5 and 7 that worry me.
I don't imagine anyone is out to get me or the sites I run personally, it's the random attacks of bots that I fear - one of my sites (when I was not admin) was hacked twice. Once with scenes of violence which upset a number of users. I already follow the sensible advice https://ssd.eff.org/ recommends about Passwords. However, my Moodle site is regularly subject to "brute force" attacks - though don't they get anywhere. (My admin name and password are not "admin" 
.)
Am I just a nervous nelly?
Cheers,
Glenys