The first thing you should do is to insure you have SSH set up for your entire web server and no non HTTPS traffic is permitted.
The second thing you must do it to set up basic apache2 security to require an
htpasswd user id and login for basic authentication access to your web server.
The third thing you must do it so set up
iptables so only the handful of IP addresses you control are permitted to even connect to the web server.
These are the bare minimum requirements.
Then, on the PHP side, you do not need to use
sudo if you set it up correctly. No good web server admin sets up their web server with the user id of the web server (in your case
www-data) in the sudoers file. There are better and more secure ways to do it.... but as you said, you don't care about security, so why should we waste our time.
There is no excuse for setting up apache2 and PHP on a LAMP server in an insecure way; when it can easily be done securely and correctly.
One last point, I'm not angry in the least. I don't have emotions when others do things wrong or in a very insecure way on their servers. In fact, after decades on the net, I don't get angry, upset, or have any emotion about anything in these or other forums or sites; but we admins and moderators will enforce rule violations, and so far you have not broken any rules, LOL . Thank you for always following the forum rules. Much appreciated.
In general, I am concerned about cybersecurity, professionally speaking.
Cheers and good luck!
PS: If you truly have a web server where you do not care in the least about security, then just set up
apache2 to run with the userid of
root and not
www-data and be done with it. LOL.... then you can do whatever you want, insecurely as you like
Easy.