The best way to handle credit card data on a site is to use a third-party payment processor. Most eCommerce platforms support third-party processors by default, including WordPress platforms. By handling credit card data this way, you can avoid dealing with a complicated set of security policies called PCI-DSS.
There are plenty of third-party processors to choose from, and Flywheel works with nearly all of them. A few of these processors include: Braintree, Authorize.NET, Stripe, and PayPal. Flywheel also works with nearly every WordPress eCommerce product. These eCommerce solutions tie into the third-party processors mentioned above for managing your products, shopping carts, and checkout process. Some of these eCommerce platforms include: WooCommerce, Cart66, Shopp, and MarketPress.
Flywheel meets PCI-DSS requirements for sites that don’t process, handle, or store credit card data. That means, as long as you’re using a third-party processor to handle credit card data, your site will meet PCI-DSS requirements.
Questions come up about PCI-DSS compliance a lot, and there’s a lot of confusion about what PCI-DSS means. It’s impossible for any web hosting company, Flywheel included, to be PCI-compliant. Becoming fully PCI-compliant requires that you provide information about things like: how you control access to your site, who can access your codebase, how you store data on the server, how your site’s data is transferred, and more. As your web host, Flywheel doesn’t have control over most of those things, and therefore can’t be PCI-compliant.
As mentioned above, since Flywheel itself cannot be PCI-compliant, the best way to handle credit card data and remain PCI-compliant is by using a third-party processor. That way, the transaction is processed through a separate service that is itself PCI-compliant. By doing this, you’ll be sending customers to a payment processor that is better equipped to handle credit card data, and you won’t have to worry about handling it yourself.
We’re happy to work with you to get an eCommerce site set up safely and securely, from implementing a third-party payment processor to setting up an SSL certificate on your site.
Flywheel takes security very seriously, and we have strict policies and procedures regarding physical access to servers, how data is stored, how we log activity, and more. Many of those things are part of meeting PCI requirements, but don’t make you “PCI-compliant” automatically.
PCI-DSS compliance is the responsibility of the site owner, and the best way to be compliant is to design your site in a way that doesn’t require PCI compliance at all.