My advice ... one domain ... use subdirectories.
Observation with my own servers ... one on RackSpace and one on Google Compute Engine ... script kiddies tend to look for vulnerabilities at document root. Error logs of server indicate that ... looking for known wp directories and scripts or moodle directories and scripts or joomla directories or scripts ... or X dirs and scripts.
Used to have a lot of fun ... copied IIS 404 403 error pages which proudly announce how to attack the 'flavor' of the server on a *linux* box, then sat back and watched error logs for vulnerability probes on Windows servers ... which didn't work for obvious reasons!
As an unintended and side affect of using static cover page on server that points to apps directories, script kiddie scan's and or attempts only produce errors. Seen in logs, I can use servers networking firewall to block those bad actor IP addresses ... or even a range of IP addresses such that those IP's never see anything of my server again. Not a Ft. Knox, but ...
There's always a flip ... yin/yang ... with some bad actors, have just declared WWW3! :|
My 2 cents.
'SoS', Ken