We know keeping a site secure is a priority for our customers and that one of the top reasons for a WordPress site to get hacked is plugin vulnerabilities. We also know that tracking down what plugins have vulnerabilities can be a pain. That’s why we’re making it easier than ever for our customers to keep their sites secure with our free Plugin Security Alerts feature!

We’ll alert you via email when we’re made aware there’s a plugin compromised on your site(s). You’ll also be able to see information about the vulnerable plugin in Flywheel dashboard. With these alerts, you can take action right away to keep your site(s) extra safe and secure!

Here’s an example of the email you’ll get if a vulnerability is detected:

And here’s what is looks like on the Flywheel plugins tab:

If you are a freelancer or agency using our Growth Suite product, you’ll also be able to see plugin security alert data across all of your sites in one beautiful dashboard!

What do I do if I receive a plugin security alert?

You’ll want to head to the Flywheel dashboard to view more information on the vulnerability. From there, you can update the plugin, or remove it if a security patch is not yet available. If you have any questions along the way, check out this help doc for more information.

Note: Flywheel provides these alerts for free as part of our standard security package, however, we do not update plugins on your behalf by default. If you’d like us to take that off your plate, sign up for Managed Plugin Updates!

What does Flywheel do when there are active vulnerabilities found in my plugins?

Flywheel’s involvement is sending out an email notification and updating the in-app security notifications for each plugin. With this information, you can update the plugins to ensure your site is up-to-date and extra safe!

If you have any questions or concerns about the plugin, you can contact the plugin author for additional support. 

We do offer Managed Plugin Updates at $8/month per site if you would like our team to take that off your plate!  You can learn more about this Add-on here. 

I have the Managed Plugin Updates Add-on, do I need to update vulnerable plugins?

We’ll be sure to update your plugins at your next scheduled update! However, if your frequency is not set to daily, we highly recommend updating any vulnerable plugins that may pop up in between your regularly scheduled Managed Plugin Updates Add-on updates.

You can always change the frequency and schedule of your Managed Plugin Updates Add-on (from weekly to daily) in your Flywheel dashboard.