HassWP is … an interesting thing, and not even close to being an officially supported install. I am glad to see that the creator finally warns that things may not work:
Attention: Direct works in Windows is not tested by the core developers of Home Assistant. So some components/integrations may not work at all.
What they’ve skipped over is that the problem is many libraries Home Assistant uses don’t exist/work correctly on Windows. If you want to run HA in Windows then you should follow the official guides.
Yes, stopping the server is supposed to shut down Home Assistant. Home Assistant is supposed to be left running all the time. There is no separate web server, the UI is built in to Home Assistant.
For secure remote access there’s many things you can do, and there are good threads here on what that means, but:
- Use SSL
- Use a strong password and MFA
- Don’t use port 443 or 8123
- Use a proxy server for IP filtering (and more)
- Use a VPN instead for remote access
I’ve had my Home Assistant exposed to the internet following the first four points there since early 2017. I get an average of maybe one probe a year and I’ve yet to see a serious attempt, or even a generic set of exploits attempted.