Hi,
if users get their own isolated or possibly shared resources like a board in wekan, depends highly on the app itself and what use-cases it provides. For wordpress, each app instance acts as its own website/blog on which the users, which have access to it can collaborate together. This means that if you want to provide isolated blogs for users, then each user would require its own wordpress app instance installed on the Cloudron on its own subdomain. The own subdomain sounds anyways like the use-case you have in mind here.
This leaves you with the two options, you already laid out there. Either each user gets his own Cloudron installed on a user specific domain, which would allow the user to install any app, entirely isolated from one another, or each user gets a wordpress app instance on a unified Cloudron instance and the access controls are set accordingly.
Those options would also imply that the unified Cloudron would have to be a larger server, with more resources, while one Cloudron per user, would likely work on small server instances. Considering server resource angle, this depends probably on how you can provision your infrastructure, basically if it works better for you to have one (or a few) large servers or a lot of small ones.
Hope this sheds some more light on this topic.
Johannes
