I get that popularity comes with problems, but I don't see how the attack surface is any larger than a normal website?
It looks like the entire site is implemented in Javascript, which tries to fetch resources from various HTTPS URLs, some of which are configured to serve only over IPv6, others only over IPv4. But that just requires configuring a normal webserver to serve regular HTTP traffic, which is the bare minimum exposure to exploits any website has.
What I actually said is that it's a chore to run a small website, and that applies even to a simple static site (although you're right, way more if your site runs backend scripts). Bad actors are still going to try to DDoS you, attack your static webserver, and send you entitled emails.