Can I have Wordpress site isolation to prevent sites being compromised?


I currently use another hosting service (unlimitewebhosting) to host my Wordpress sites (around 8 currently).

From time to time the Wordpress sites have been compromised and whilst I have tried to stop this happening, I am losing the battle. The issue is that once one of the sites in the shared hosting is compromised, all the others are being compromised too.

Is there a way of setting up Wordpress in an isolated manner on Digital Ocean so that one site being compromised won’t affect all the others?

Is there anything that DO can do to help prevent the sites being compromised?



This isn’t a shared hosting environment. With that being said, DO can’t do anything for you directly, because you control your server.

What I would do, if I was in control of all facets of the sites is this:

  • change all file permissions to 644 (you should do this anyway)
  • change all folder permissions to 755 (you should do this anyway)
  • change ownership to some other user (not apache/www-data) that’s not root
    • this will stop file modifications
  • when I need to make a change/post, change ownership back to apache/www-data

A simple enough script to do this:


#!/bin/bash
### Change the user to an existing user
### To create a new user, run this:
###		useradd USER_NAME_GOES_HERE
user="USER_NAME_GOES_HERE"
### Change to the directory that houses your sites, if not /var/www/
web_path="/var/www/"

### Get the web user (assumed: www-data where /etc/apache2 exists, apache otherwise)
if [ -d /etc/apache2 ]; then
	web_user="www-data"
else
	web_user="apache"
fi

if [ "$1" = "" ]; then
	echo "Usage:"
	echo "		$0 [lock | unlock]"
	exit 1
fi

case $1 in
	lock)
		chown -R "$user:$user" "$web_path"
		echo "Files now locked, and ownership set to $user"
		;;
	unlock)
		chown -R "$web_user:$web_user" "$web_path"
		echo "Files are now unlocked and ownership set to $web_user"
		;;
	*)
		echo "Invalid operator."
		echo "	Usage:"
		echo "		$0 [lock | unlock]"
		;;
esac

Just copy this, paste it in a new file, then upload it to your server. Once it’s been uploaded, just make it executable:

chmod +x

Now, to run this:

./ lock


./ unlock

Edit: Added catch-all to case statement.
Edit 2: Forgot to add “fi” after getting the web user.
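A read-only check to go with the permissions advice in the answer above, as an added example that is not part of the original answer: it lists files that are not 644, directories that are not 755, and anything still owned by the web server user. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root against the 644 / 755 / non-web-owner advice.
# audit_webroot ROOT WEB_USER prints one finding per line:
#   FILE_MODE <path>  regular file whose mode is not exactly 644
#   DIR_MODE <path>   directory whose mode is not exactly 755
#   WEB_OWNED <path>  anything owned by the web server user (still "unlocked")
audit_webroot() {
	root=$1
	web_user=$2
	find "$root" -type f ! -perm 644 -print | sed 's/^/FILE_MODE /'
	find "$root" -type d ! -perm 755 -print | sed 's/^/DIR_MODE /'
	# find -user fails on an unknown account, so confirm it exists first
	if id "$web_user" >/dev/null 2>&1; then
		find "$root" -user "$web_user" -print | sed 's/^/WEB_OWNED /'
	fi
}

# Constructed sample tree (not a real site): one compliant file and directory,
# one world-writable uploads directory, one PHP file with the execute bit set.
build_sample_tree() {
	sample=$(mktemp -d) || return 1
	chmod 755 "$sample"
	mkdir "$sample/site1" "$sample/site1/uploads"
	: > "$sample/site1/index.php"
	: > "$sample/site1/extra.php"
	chmod 755 "$sample/site1"
	chmod 777 "$sample/site1/uploads"
	chmod 644 "$sample/site1/index.php"
	chmod 755 "$sample/site1/extra.php"
	printf '%s\n' "$sample"
}

# Run against a real path when given two arguments, for example:
#   ./audit.sh /var/www/ www-data
if [ "$#" -ge 2 ]; then
	audit_webroot "$1" "$2"
fi
```

After a lock, a clean run prints nothing; any WEB_OWNED line means the web server can still modify that path.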


Thanks for the suggestions.

I really like the idea of serverpilot…it seems like a great solution. As suggested, I will try it out


“The issue is that once one of the sites in the shared hosting is compromised, all the others are being compromised too”

Then it’s not wordpress that was compromised but your server. If you host your wordpress sites on digitalocean then I recommend to sign up for a free plan with serverpilot. They will take care of your droplet’s security (for free) while you can focus on your business.