This solution is for the 1% or the 0.1%, the vast majority who choose Linode are creating vulnerable servers because they are not going to competently keep the machine up to date on security patches or configure it properly for security.
Managed hosting is a requirement for the masses, and comparing a managed hosting service with a self-service VPS is a bit disingenuous IMO. Managed may seem more pricey, but that's only unless you don't value your own time as an administrator, or if your time isn't valuable (you're not good at it lol).
Parent comment is referring to software vulnerabilities running on the box itself, not vulnerabilities in your website. When Apache or whatever it is that you use to serve your static website comes out with a vulnerability that allows RCE as root, it becomes a problem for you, even if your website is static.
FWIW I use Namecheap / Linode myself, and will probably never go back to shared hosting. But the flip side of that coin is you do need to manage it, regardless of the website you are hosting.
> Parent comment is referring to software vulnerabilities running on the box itself, not vulnerabilities in your website. When Apache or whatever it is that you use to serve your static website comes out with a vulnerability that allows RCE as root
Or you can opt out of this mess and run a simple server. Not as root.
The update & maintenance treadmill can be slowed down to nearly a halt if you're ok using simple software that doesn't have a billion features and just as many bugs. Which, I suppose, someone running a static site would be quite willing to do.
I'm sure we all have fond memories of that time we sat our grandparents down when they wanted to make an anniversary site and explained to them how easy it was to run a simple server, after which they spun one up in a container and secured it no problem.
Little old grandma just loves ssh'ing into her pet server every day to read her system logs.
My grandmother's website for her small business was purchased via GoDaddy. This was before those commercials even started airing.
It's not a strawman at all. I am speaking from real experience, except for the part where my grandmother could tell you the difference between SSH and SSL.
Godaddy is not doing much more than auto-updating packages with security fixes. This is easily handled with most Linux VPSs (often automatically, in the case of DigitalOcean). I am pretty sure the Amazon Linux AMIs do this too on AWS EC2. And most other distros can turn this on once with one command.
I don't think GoDaddy is going much deeper than this, so security is a moot comparison between the two. In fact most sites are hacked at the application level anyway, not the system level. So the real security hole is not something on Linux, but the actual wordpress site thats installed within it. Food for thought: 83% of hacked websites in 2017 were Wordpress sites.
Source: https://sucuri.net/reports/2017-hacked-website-report
Managed hosting is a requirement for the masses, and comparing a managed hosting service with a self-service VPS is a bit disingenuous IMO. Managed may seem more pricey, but that's only unless you don't value your own time as an administrator, or if your time isn't valuable (you're not good at it lol).