Menu

Flywheel and PCI-DSS Compliance

Updated on December 6th, 2024

Can I host my eCommerce site on Flywheel?

Definitely! Before you jump in, though, it’s important to ensure that you’re handling credit card data in a safe way. No matter where you host your website, credit card data should never be passing through your website, meaning credit card data (including card numbers, expiration dates, CVVs, etc.) should never touch your server, your database, your javascript, or other portions of your site’s code.

The best way to handle credit card data on a site is to use a third-party payment processor. Most eCommerce platforms support third-party processors by default, including WordPress® platforms.1 By handling credit card data this way, you can avoid dealing with a complicated set of security policies called PCI-DSS.

There are plenty of third-party processors to choose from, and Flywheel works with nearly all of them. A few of these processors include: Braintree, Authorize.NET, Stripe, and PayPal. Flywheel also works with nearly every WordPress eCommerce product. These eCommerce solutions tie into the third-party processors mentioned above for managing your products, shopping carts, and checkout process. Some of these eCommerce platforms include: WooCommerce®, Cart66, Shopp, and MarketPress.1

Is Flywheel PCI-DSS compliant?

Flywheel meets PCI-DSS requirements for sites that don’t process, handle, or store credit card data. That means, as long you’re using a third-party processor to handle credit card data, your site will meet PCI-DSS requirements.

Questions come up about PCI-DSS compliance a lot, and there’s a lot of confusion about what PCI-DSS means. It’s impossible for any web hosting company, Flywheel included, to be PCI-compliant. Becoming fully PCI-compliant requires that you provide information about things like: how you control access to your site, who can access your codebase, how you store data on the server, how your site’s data is transferred, and more. As your web host, Flywheel doesn’t have control over most of those things, and therefore can’t be PCI-compliant.

How can you meet PCI-DSS standards?

Like we mentioned above, since Flywheel itself cannot be PCI-compliant, the best way to handle credit card data and remain PCI-compliant is by using a third-party processor. That way, the transaction is processed through a separate service that is itself PCI-compliant. By doing this, you’ll be sending customers to a payment processor that is better equipped to handle credit card data without having to worry.

How can Flywheel help with PCI-compliance?

Flywheel takes security very seriously, and we have strict policies and procedures regarding physical access to servers, how data is stored, how we log activity, and more. Many of those things are part of meeting PCI requirements, but don’t make you “PCI-compliant” automatically.

PCI-DSS compliance is the responsibility of the site owner, and the best way to be compliant is to design your site in a way that doesn’t require PCI compliance at all.

Flywheel’s servers are always prepared to handle your eCommerce needs!


Need help?

If you have any questions our Happiness Engineers are here to help!

Was this article helpful?

Getting Started

New to Flywheel? Start here, we've got all the information you'll need to get started and launch your first site!

View all

Account Management

Learn all about managing your Flywheel user account, Teams and integrations.

View all

Billing

Everything about billing, invoices and payments can be found here.

View all

Features

Flywheel hosting plans include a ton of great features. Learn about how to get a free SSL certificate, set up a staging site, and more!

View all

Platform Info

All the server and setting info you'll need to help you get the most out of your Flywheel hosting plan!

View all

Site Management

Tips and tricks for managing your sites on Flywheel, including going live, troubleshooting issues and migrating or cloning sites.

View all

Developer Hub

Learn how to connect, deploy, and more with SSH on Flywheel's platform.

View all

Growth Suite

Learn more about Growth Suite, our all-in-one solution for freelancers and agencies to grow more quickly and predictably.

View all

Managed Plugin Updates

Learn more about Managed Plugin Updates, and how you can keep your sites up to date, and extra safe.

View all

 

Flywheel help

Help is just a click away! Log into Flywheel dashboard to instantly chat with an expert, respond to a ticket, or follow along with in-depth documentation. We happily offer support 24 hours a day, 7 days a week, 365 days a year!

Log in

Try Flywheel today

Launch your next site on WordPress in minutes.

 Free migrations  24/7/365 support  14 day demo sites