I can't imagine that the process level is an issue here – we're not talking military, do we?
Other than that, prefer zero-knowledge designs and you can often reduce to the danger of vandalism. Have a friendly hoster and/or backups for that case.
While not military, most websites handle some kind of personal data (even IP addresses count as such for GDPR purposes) and a large chunk of the world has regulations that impose penalties or at the very least requires disclosure (bad PR) for data breaches.
Considering how easy and relatively cheap it is to get your own dedicated bare-metal server, I don't see any reason to bother with shared hosting anymore.
Other than that, prefer zero-knowledge designs and you can often reduce to the danger of vandalism. Have a friendly hoster and/or backups for that case.