Definitely! Before you jump in, though, it’s important to ensure that you’re handling credit card data in a safe way. No matter where you host your website, credit card data should never be passing through your website, meaning credit card data (including card numbers, expiration dates, CVVs, etc.) should never touch your server, your database, your javascript, or other portions of your site’s code.
The best way to handle credit card data on a site is to use a third-party payment processor. Most eCommerce platforms support third-party processors by default, including WordPress® platforms.1 By handling credit card data this way, you can avoid dealing with a complicated set of security policies called PCI-DSS.
There are plenty of third-party processors to choose from, and Flywheel works with nearly all of them. A few of these processors include: Braintree, Authorize.NET, Stripe, and PayPal. Flywheel also works with nearly every WordPress eCommerce product. These eCommerce solutions tie into the third-party processors mentioned above for managing your products, shopping carts, and checkout process. Some of these eCommerce platforms include: WooCommerce®, Cart66, Shopp, and MarketPress.1
Flywheel meets PCI-DSS requirements for sites that don’t process, handle, or store credit card data. That means, as long you’re using a third-party processor to handle credit card data, your site will meet PCI-DSS requirements.
Questions come up about PCI-DSS compliance a lot, and there’s a lot of confusion about what PCI-DSS means. It’s impossible for any web hosting company, Flywheel included, to be PCI-compliant. Becoming fully PCI-compliant requires that you provide information about things like: how you control access to your site, who can access your codebase, how you store data on the server, how your site’s data is transferred, and more. As your web host, Flywheel doesn’t have control over most of those things, and therefore can’t be PCI-compliant.
Like we mentioned above, since Flywheel itself cannot be PCI-compliant, the best way to handle credit card data and remain PCI-compliant is by using a third-party processor. That way, the transaction is processed through a separate service that is itself PCI-compliant. By doing this, you’ll be sending customers to a payment processor that is better equipped to handle credit card data without having to worry.
Flywheel takes security very seriously, and we have strict policies and procedures regarding physical access to servers, how data is stored, how we log activity, and more. Many of those things are part of meeting PCI requirements, but don’t make you “PCI-compliant” automatically.
PCI-DSS compliance is the responsibility of the site owner, and the best way to be compliant is to design your site in a way that doesn’t require PCI compliance at all.
Flywheel’s servers are always prepared to handle your eCommerce needs!
If you have any questions our Happiness Engineers are here to help!
New to Flywheel? Start here, we've got all the information you'll need to get started and launch your first site!
View allLearn all about managing your Flywheel user account, Teams and integrations.
View allFlywheel hosting plans include a ton of great features. Learn about how to get a free SSL certificate, set up a staging site, and more!
View allAll the server and setting info you'll need to help you get the most out of your Flywheel hosting plan!
View allTips and tricks for managing your sites on Flywheel, including going live, troubleshooting issues and migrating or cloning sites.
View allLearn more about Growth Suite, our all-in-one solution for freelancers and agencies to grow more quickly and predictably.
Getting started with Growth Suite
Growth Suite: What are invoice statuses?
Growth Suite: What do client emails look like?
Learn more about Managed Plugin Updates, and how you can keep your sites up to date, and extra safe.
Restoring Plugin and Theme Management on Flywheel
Managed Plugin Updates: Database upgrades
Managed Plugin Updates: Pause plugin updates
We can help! Check out our Brand Resources page for links to all of our brand assets.
Brand Resources