VPS LAMP or LEMP, which gives better secure?

Hello everyone, I'm not an expert system and every day I try to learn new ways on managing a server, specially for the security so this is my question, on a VPS, LAMP or LEMP, which gives better secure? and why?

Nothing is secured , any VPS / Server has to be secured , optimized. regarding the technologies you mentioned , first evaluate your website/app requirements , see which is best suited for your requirements and then deploy it.

once you are done with it , you can start securing the server based on the technologies you have used.

Not what you use but how you use it that matters. Both can be secured very well if you know how. With that said out of box Apache might be more secure for common web applications which rely on .htaccess to protect directories and files not meant for public viewing. Nginx without any further vhost directory location context level protections added manually, would allow such private directories public access as Nginx doesn't support or read .htaccess files.

It's why for my Centmin Mod Nginx LEMP stack latest 123.09beta01, I wrote and auto enable on all newly generated Nginx vhosts a tool called autoprotect.sh

An example of Apache directory's .htaccess deny all file at /privatedirectory/.htaccess
An example of Nginx directory you have to manually create in your nginx vhost at /privatedirectory having deny all set for 403 permission denied
Running autoprotect.sh which runs on initial Nginx vhost generation and at scheduled cronjob intervals will transverse through all Nginx vhost sites at /home/nginx/domains/ looking for any .htaccess files which have .htaccess 'deny from all' detected directories and generate the corresponding Nginx location match deny all config in an include file specific for each domain i.e. /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf where domain name = domain.com
contents of include file /usr/local/nginx/conf/autoprotect/domain.com/autoprotect-domain.com.conf where autoprotect.sh detected a matching .htaccess file at
/home/nginx/domains/domain.com/public/privatedirectory/.htaccess which needs a nginx equivalent location match deny all rule generated
I believe no other out of box Nginx solution other than Centmin Mod provides such a feature

The autoprotect.sh tool is also useful for catching any missing Nginx manually needed directory location context protections/deny all when you upload a common web app and forget to protect such directories as intended by the web app developer/author

The autoprotect.sh tool can also give end user the option to manually bypass autoprotect.sh script and NOT auto create a nginx deny all location match by manually creating a .autoprotect-bypass file within the directory you want to bypass and exclude from autoprotect.sh. You may want to do this if your nginx deny location match for a directory involves whitelisting ip addresses' access to the directory or you already manually added such in your Nginx vhost config

not exactly autoprotect.sh is just for detecting which directories on your server have .htaccess with deny from all contained within it and auto protects those directories so end users don't leave a web application author's intended htaccess directories vulnerable to public access

In my opinion apache is used more used and you can find more details on the web if an issue arise, but nginx is better for high-traffic websites. However, 90% of the attacks are directed to your application, like wordpress or joomla, so you have to secure your vps , optimize your web server & harden your php, just choosing a webserver over another won't really help you.