What are the most often security issues with vps servers?
Ironically the most common security breach it will be a very dummy password set up for the root account.
As a best practice you should block completely the access from the internet to the server ports excepting the ones which you need to expose like 80 or 443 and you should get in with a local ip and an vpn solution or use certificates with private keys.
It's a common mistake to start a new vps server or a dedicate server and let iti with ssh access on port 22 and root password login, or maybe you will do a quick app at an hackathon and you will leave the mysql user with password: password.
Well the good guys from internet which they don't have a job they will start and scan each ip for open ports, best practice is to have a firewall in front of your vps which blocks all scanning attempts or malicious url access, or it could be a good option to use a service like cloudflare in orde to hide your real ip address.
For firewall you can use a solution like fortinet, meraki or open source alternatives which is easily to install e.g. pfsense it comes just as software with a web interface - pretty nice.
Cloudflare is good also for DDOS protection.
The internet is filled with a lot of hackers which wants to get money, notoriety or maybe you offend them with an article, each one of this are characterized by security companies and analyzed.
The criminal hacker is motivated by gaining more moneys so they will do everything what is necessary to gain access to credit cards or lately with ransomware, usually by exploiting some security breaches in web applications and gaining direct access in database to records with customers bank data - this it will be a good option to never store sensible data unencrypted, or by deleting your data and then request some bitcoins if you want your data back.
The bottom line it will be to hide your server for indiscrete eyes, secure the access as good as you can, enable login notifications, install web application firewall for wordpress especially, as your web application is more popular as the risk will be highly to be exploited and cracked