
The only time I have ever had a machine compromised in 30 years of running Linux is when I ran something exposed to the internet on a well-known port.

I know port scanners are a thing but the act of using non-default ports seems unreasonably effective at preventing most security problems.


This is very, very, very bad advice. A non-standard port is not a defence. It’s not even slightly a defence.

Did I at any point in my previous comment say that using non-standard ports was my only line of defence?

It's security through obscurity, which puts you out of view of the vast majority of the chaos of the internet. It by no means protects you from all threats.

Correct. From what I understand, Shodan has had for years a search feature in their paid plans to query for "service X listening on non-standard port". The only sane assumption is that any half-decent internet-census[tm] tool has the same as standard by now.

If you do any npm install, pip install ..., docker pull ... / docker run ..., etc. in Linux, it is very easy to get compromised.

I did docker pull a few times based on some web post (looks reasonable) and detected apps/scripts from inside the docker connecting to some .ru sites immediately or a few days later....

I do this too, but I think it should only be a defense-in-depth thing; you still need the other measures.
