Sanitize a heterogeneous and obsolete web hosting infrastructure

I inherit an IT department where I have a technical debt of 20 years of hosting various websites on various platforms. The only common point is that everything is obsolete and not updated. The challenge is to provide some security and stability by isolating the sites from each other. So that if... no, rather when a site has an exploited vulnerability, it will have the least possible impact on other customers. The first idea that came to me was to put each site under docker in order to meet my two main constraints: no client budget immediately available to update the sites, and lots of different hosting environment: almost all php versions from 4.X to 7.X, same for mysql / maria db, and I even have some sites currently running in asp that I'm thinking of closing in priority.