@Hari understood, but you should consider the basics which always work well if they are configured properly before taking the plunge into what cloudflare offer in terms of tunnels. It’s also perfectly feasible to create an SSH tunnel to access VirtualMin from the web GUI.
A much better method of security would be to place VirtualMin (the admin GUI interface) in an internal virtual adapter that is only accessible when using a VPN. This means that without accessing the VPN first, you cannot use the VirtualMin GUI.
It’s explained here in terms of setting up OpenVPN on VirtualMin/Webmin
Also, don’t be under any illusion that this will prevent a DDoS attack against your site. In most cases, the site itself is leveraged in the attach to overwhelm the server hosting it. There are numerous techniques you can deploy - I’ve of them being Fail2Ban which is actually installed with VirtualMin and ready to configure - and it’s working out of the box once VirtualMin is installed.
Clearly you don’t want to be putting your actual website behind a VPN. That would be little and would make your site fall into the deep web classification in the sense that it would never be crawled, meaning no SEO which I know is important for you.
It would be worth checking what your hosting provider has in terms of DDoS mitigation and if that extends to your VPS. In most cases, the host can prevent a raft of attacks from even hitting your server directly.