Yes, OSSEC would not run on a shared server. If you get a VPS or dedicated server, then it would fit well (same for ClamAV).
You could still use https://www.ossec.net/wpsyslog2 to do some of the monitoring OSSEC does, but from inside WordPress (runs as a plugin).
For web site scanning, I would suggest looking at: https://sucuri.net (not free, but pretty cheap).
thanks,