Are VPS's Safer Than Shared Hosting?

I’ve seen a few people claiming that the reason WordPress websites are hacked is that they are hosted in shared hosting.
If they were on a VPS then they would be safe.

Knowing the audience of this forum, I’m curious to know your take on this claim.

Wordpress gets hacked mostly for the following reason and by the exact order :

  • Free not maintained clumsy plugins
  • Free bloated flashy looking themes
  • Nulled Plugins and Themes
  • Installing and uploading every god damn plugins that matches your search term.
  • Inexperienced System Admin. (That is the last reason)
1 Like

I wouldn’t say Shared Hosting is one of the main reasons. In fact it’s way better to use shared hosting if you don’t want to or don’t know how to secure your vps. Additionally shared hosting often uses premium control panels (cpanel,da, other non free panels) and makes use of other perks that would require an extra license on vps like Cloudlinux, Imunify, Litespeed and others. So no, imho there is no reason to stay away from a trusted shared hosting provider :slight_smile:


Shared Hosting just means, you get access to a folder, where you can upload your files, vhost etc.
There is no real layer that protects you if something goes horribly wrong.

There are some measures but its thin.
Means you do not wanna host anything important or critical on it, e.g WHCMS.

Such stuff is put at least into a KVM, which has a lot of measures but its not 100% bulletproof.
OVZ/LXC is better then SharedHosting but not as good as a KVM.

If you have the choice, go at least for a KVM or a small dedicated.
There is a reason, why private cloud exists.

Maybe in 2005, but isolation is pretty cheap these days to effect. With a VPS, unless it’s managed, you are your own sysadmin. I usually cite my playbooks that I use when printing out a server, ~11k ~13k lines of Yaml, and still a long way from complete. When you manage a server, you’re also on the hook for updating best practices. CVE-2019-11043 is an excellent example of what exactly goes wrong when you set something up without understanding what the hell you’re doing. There’s no reason to pass a request off to PHP-FPM without first stat()'ing the file in Nginx.

1 Like

If the shared hosting provider goes out of their way to prevent compromises by scanning for known vulnerabilities or known shell scripts, they can be safer than a VPS being managed by someone who isn’t doing that. The shared host is, I would suggest, more inclined to do those things because it increases capacity and decreases support tickets. The VPS provider, unless managed, feels like they’re intruding to do the same. They also have larger walls between customers (not sharing Apache instances, etc).

Otherwise on a purely technical level, neither is inherently safer than the other.


I’d say that shared hosting is generally safer than VPS if you’re a noob. All management/administration is done by webhost’s admins not you. You don’t have to care about anything: config, updates, backups. It just works out of the box. For more advanced peeps VPS is better because you can customize it for your needs and finetune security like firewall etc…

1 Like