Flywheel and PCI-DSS Compliance

Updated on May 1st, 2020

Can I host my eCommerce site on Flywheel?

Definitely! Before you jump in, though, it’s important to ensure that you’re handling credit card data in a safe way. No matter where you host your website, credit card data should never pass through it. That means credit card data (including card numbers, expiration dates, CVVs, etc.) should never touch your server, your database, your JavaScript, or other portions of your site’s code.

The best way to handle credit card data on a site is to use a third-party payment processor. Most eCommerce platforms support third-party processors by default, including WordPress platforms. By handling credit card data this way, you can avoid dealing with a complicated set of security policies called PCI-DSS.

There are plenty of third-party processors to choose from, and Flywheel works with nearly all of them. A few of these processors include: Braintree, Authorize.NET, Stripe, and PayPal. Flywheel also works with nearly every WordPress eCommerce product. These eCommerce solutions tie into the third-party processors mentioned above for managing your products, shopping carts, and checkout process. Some of these eCommerce platforms include: WooCommerce, Cart66, Shopp, and MarketPress.

Is Flywheel PCI-DSS compliant?

Flywheel meets PCI-DSS requirements for sites that don’t process, handle, or store credit card data. That means, as long as you’re using a third-party processor to handle credit card data, your site will meet PCI-DSS requirements.

Questions come up about PCI-DSS compliance a lot, and there’s a lot of confusion about what PCI-DSS means. It’s impossible for any web hosting company, Flywheel included, to be PCI-compliant. Becoming fully PCI-compliant requires that you provide information about things like: how you control access to your site, who can access your codebase, how you store data on the server, how your site’s data is transferred, and more. As your web host, Flywheel doesn’t have control over most of those things, and therefore can’t be PCI-compliant.

How can you meet PCI-DSS standards?

As we mentioned above, since Flywheel itself cannot be PCI-compliant, the best way to handle credit card data and remain PCI-compliant is by using a third-party processor. That way, the transaction is processed through a separate service that is itself PCI-compliant. By doing this, you send customers to a payment processor that is better equipped to handle credit card data, so you don’t have to worry about it.

How can Flywheel help with PCI compliance?

We’re happy to work with you to get an eCommerce site set up safely and securely, from implementing a third-party payment processor to setting up an SSL certificate on your site.

Flywheel takes security very seriously, and we have strict policies and procedures regarding physical access to servers, how data is stored, how we log activity, and more. Many of those things are part of meeting PCI requirements, but they don’t make you “PCI-compliant” automatically.

PCI-DSS compliance is the responsibility of the site owner, and the best way to be compliant is to design your site in a way that doesn’t require PCI compliance at all.
