Read up on “accessing xampp from internet”. But, think of it as leaving a big sign over your house saying “please come in and rob me”, so implement every security precaution you can find in these results.
I will be doing the same, while I am testing, but once it’s live it really should be on a real server managed by people who’s job is keeping the server secure.