Many VPS users run CentOS, and a lot of real servers run CentOS nowadays too. Usually this is because CentOS users expect it to be more stable, better tested and more secure than other distributions, since it is derived from a commercial enterprise one.
This may be true in most cases, but while developing PyHP we found a lot of “unknown mysterious bugs” that happened only on CentOS. After some investigation we found that apr_stat on CentOS always returns 0 as the file size (which made it quite interesting to allocate buffers or use mmap to read files), and that bucket brigades behaved strangely: under some conditions they never considered the request terminated and caged the user in a wonderful infinite loop (as in “while(true)”, not as in teleporting the user to Apple headquarters).
Since a large percentage of PyHP users rely on CentOS, we had to rewrite some parts to use lstat instead of apr_stat and to move away from bucket brigades to ap_should_client_block. If you are using CentOS and run into any problem with PyHP, try upgrading to the latest svn trunk. If you are already using the svn trunk, please upgrade to the latest revision, as the migration from bucket brigades to ap_should_client_block introduced a bug that might prevent your users from uploading big files.
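A stat call that reports a size of 0 is only dangerous when that size drives the buffer allocation or the mmap length. The following is an added example, not PyHP's code: it treats the reported size as a hint, reads until EOF, and enforces a hard upper bound. It assumes plain POSIX calls and uses fstat on the open descriptor rather than the lstat mentioned above; the function name is hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not PyHP code. Reads a whole file into a malloc'd
 * buffer; returns NULL on error or if the file exceeds max_len bytes. */
char *read_file_untrusted_size(const char *path, size_t max_len, size_t *out_len)
{
    struct stat st;
    size_t cap = 4096, len = 0;
    char *buf = NULL, *tmp;
    ssize_t n;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return NULL;
    /* Size is a hint only: a reported 0 just keeps the default capacity. */
    if (fstat(fd, &st) == 0 && st.st_size > 0 && (size_t)st.st_size <= max_len)
        cap = (size_t)st.st_size + 1;
    for (;;) {
        if (buf == NULL || len == cap) {
            if (buf != NULL)
                cap *= 2;
            if ((tmp = realloc(buf, cap)) == NULL)
                goto fail;
            buf = tmp;
        }
        n = read(fd, buf + len, cap - len);
        if (n < 0 && errno == EINTR)
            continue;
        if (n < 0)
            goto fail;
        if (n == 0)
            break;                  /* EOF, not the stat size, ends the loop */
        len += (size_t)n;
        if (len > max_len)
            goto fail;              /* hard cap: no unbounded allocation */
    }
    close(fd);
    *out_len = len;
    return buf;
fail:
    free(buf);
    close(fd);
    return NULL;
}
```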
You are right. CentOS is mostly used in production environments because it is stable and it is easy to secure.
In the past days I found the article Complete CentOS secure server setup that demonstrates this:
http://www.sysadmin.md/complete-centos-secure-s…
Also, it leaves your whole blog vulnerable if it does get exploited. Since the web server can edit / change any and all files in your wordpress directory, it can be altered at will. I prefer to keep the wordpress files owned by a valid system user. (I use my system login.) When I need to update, I start my FTP server, give the WordPress web interface my system credentials, and have it update. I don’t keep the FTP server running after the update is complete. Doing it this way, if wordpress does get exploited, it limits the damage to your blog. Recovering from a break-in is difficult and painful.