Is a Wordpress website for example less likely to get hacked if it is on VPS than on shared webhosting? What about dedicated server?
Assume all other things being equal, and Wordpress is up to date, etc.
Many factors in play…
On a shared host there could be hundreds of sites and users, so there is more that can go wrong. However, the host may have the server well managed. Still, a zero day wordpress exploit, for example, could take down the whole server.
A VPS is similar but fewer users, and fewer still with larger plans.
Dedicated can be the most secure IF the server is getting upgrades and security audits, and well managed overall.
Hello,
It really boils down to who’s managing the VPS. If you purchased a shared account from a reliable company the server should be monitored 24/7 but if you have a VPS and not the time to monitor it there is a higher chance that something will go wrong or there is a vulnerability.
Jack
Theres a lot that will dictate if a site will get hacked - software status for example.
Having a VPS or Dedic, the updates are much more in your hands - so you can update things like vulnerable software and make sure its up to date. This is much better than a shared server where the hosts don’t tend to update software often.
I took for granted that you want comparison whether VPS is safer than Shared Hosting.
So, it really depends on many factors - for instance - if you are not that familiar with administrating OS, then you might end with an VPS that is not up-to-date or not that well configured from security perspective.
Being on Shared Hosting however has its own security issues - for instance you might not want to have folder permissions like 777 at all, also - the other users of the shared hosting server may host some kind of vulnerable software that eventually can affect other users or the whole server.
If you think that you are having the right knowledge for managing VPS, then VPS is better choice, but be aware!
Also, Shared Hosting is not that bad idea - meaning that it is cheaper, and after all will be just one Wordpress site. Having a frequently backups should keep you out of risk as you will be able to restore your site if it becomes hacked.
For me, a VPS or dedicated server will be more protected against an attack such as DDOS compared to a shared hosting plan. For VPS specifically for me, I got a managed plan so my host does the updates for me to keep everything clean.
Shared hosting will probably be less updated which could be an issue. Also one attack on the whole server hosting the shared hosting accounts could crash the whole spectrum.
Shared hosting does indeed tend to be less up to date than a DIY / Managed server - partially on the grounds of “if its not broken… don’t fix it”. I tend to keep my servers as up to date as I can, however, I know some people who won’t update a live server from the point its put into production, which can be disasterous - you need to make sure updates are done, no matter what server you pick.
Shared hosting generally suffers from a far higher incidence of issues caused by other users e.g files overwritten due to incorrect permissions, ftp accounts hacked. A VPS has isolation at an operating system level so is less susceptible to these type of issues (particularly xen based vps).
Yes, that’s what I’m thinking. It’s the extra isolation of VPS that would make me think it is more secured. Since I’m not a system administrator, I would get the managed VPS so the host can keep the server updated for me.
What is a good VPS host?
With most VPS , you are still responsible to update the OS. VPS is no different then Dedicated server when it comes to the OS.
Only difference is if hardware is dedicated 100% to you (dedicated) or shared by others (VPS). AS far as the OS goes with VPS it behaves like it is on Dedicated server.
Yes, a VPS will give you the advantage that only your code has access to the “server”, however, there is the risk that the host server could be compromised but this should be far less of a risk than the host of a shared server.
Its relatively easy to keep a VPS up to date yourself, most Linux distros now have package management systems that can be updated in one command (yum update / apt-get update)
With a shared server, the host will regularly take care of any tweaks and security patches. If you opt for a VPS or a dedicated server make sure you use a fully managed service. With Wordpress of course it is important to use the updated version.
Some shared server hosts do not do anything to their servers, they set them up, fill em up wiuth users and just leave them - “if it ain’t broke, don’t fix it”. I’ve seen some that are horrifically out of date that recent scripts just won’t work.
Short answer: no.
Long answer, there are more variables at play. A poorly managed VPS can be just as insecure as anything else. Also, even the most secure server cannot protect poor code or, with Wordpress, old code.
Quite surprising. It is very important to use the latest versions of the standard server side scripts/applications on a server.
@ChrisWiegman - yes indeed. That’s the reason a user must always opt for fully managed servers. Make sure the host isn’t charging you for managing the servers.
I believe that most of hacks take palce because of holes in web application.
Or trojans on the PC. I do not believe that can happen on the side of the server or VPS.
I completely agree - it is very important, and something i take pride in with all the servers that i manage. However, I’ve had to deal with plenty of the shared servers for clients where by the ‘latest’ version of PHP installed was still 4.x, or mySQL 4.x. Last year i even dealt with one still running mysql 3!
Some hosts do update, some are horrific at it.
MySQL 3? 
In general it is important to keep your applications up to date. Use strong passwords and have a data backup.
This is clearly not the case if you get a fully-managed VPS. For un-managed ones where you have to manage it yourself, you are responsible for the updates but with managed servers you get all of that taken care of.
That’s right, with a fully managed server your host will take care of OS updates as well. With a fully managed server you can take care of the hosting/application and have your host take care of the server.