Plugin Security Alerts from Flywheel provide site owners and organization members with critical security information via email when a vulnerable plugin is detected.
In addition, the Flywheel dashboard keeps track of plugin vulnerabilities so you can quickly manage and update outdated plugins that could put your site at risk.
Flywheel scans for plugin vulnerabilities every 24 hours with WPScan, we can not guarantee all vulnerabilities will be detected by the plugin researcher.
Flywheel does not immediately update vulnerable plugins for sites enrolled in Managed Plugin Updates, since these updates run on a set schedule.
For maximum security, we suggest setting your plugin update frequency to daily, which will ensure any vulnerable plugins are updated within 24 hours. If you’d rather stick with a weekly update frequency, any vulnerable plugins will be updated during the next cycle. In this case, we recommend updating the vulnerable plugins manually from the WP admin area.
If a vulnerable plugin is detected on your site(s) during our nightly scans, the site’s owner or all organization members (if the site is owned by an org) will receive an email that lists the sites with the plugin currently installed.
Clicking the site name will take you to the site’s dashboard on Flywheel, where you can learn more about the vulnerability and log in to your site to perform any recommended updates.
Clicking View Details will take you to the Vulnerabilities area of the Flywheel dashboard.
js_composer. The slug will often correspond to the plugin directory name.
The Vulnerabilities area of the Plugins tab displays information about outdated and compromised plugins. When a vulnerability is detected, click Vulnerability details to view more comprehensive info from WPScan. Click the Update in WP Admin link to log into your site and run any necessary updates.
For a more holistic view of vulnerable plugins across your sites, head to the Vulnerabilties tab of the Managed Plugin Updates page. Here you’ll see a list of plugins: clicking Details for a particular plugin will reveal which site(s) it’s installed on, and includes links to the WP Admin where the plugin can be updated.
If you have any questions our Happiness Engineers are here to help!
New to Flywheel? Start here, we've got all the information you'll need to get started and launch your first site!View all
Learn all about managing your Flywheel user account, Teams and integrations.View all
Everything about billing, invoices and payments can be found here.View all
Flywheel hosting plans include a ton of great features. Learn about how to get a free SSL certificate, set up a staging site, and more!View all
All the server and setting info you'll need to help you get the most out of your Flywheel hosting plan!View all
Tips and tricks for managing your sites on Flywheel, including going live, troubleshooting issues and migrating or cloning sites.View all
Learn how to connect, deploy, and more with SSH on Flywheel's platform.View all
Learn more about Growth Suite, our all-in-one solution for freelancers and agencies to grow more quickly and predictably.
Getting started with Growth Suite
Growth Suite: What are invoice statuses?
Growth Suite: What do client emails look like?
Learn more about Managed Plugin Updates, and how you can keep your sites up to date, and extra safe.
Managed Plugin Updates: Database upgrades
Managed Plugin Updates: Pause plugin updates
Managed Plugin Updates: Plugin Security Alerts