Sounds like changing the port is treating the symptoms of the underlying logging problem you're having.
If you are open port on 80, someone will try /wp-admin on your server even it is a nodejs application.
Whether it makes sense or not, whether it is possible to success or not do not matter. Most scanner just default to do this.
The problem isn't password logging, because they can't success. The problem is log spam.
If you open service on these, you are going to have log spam from random ip source.
Sounds like changing the port is treating the symptoms of the underlying logging problem you're having.