Join our agency partner program for access to exclusive resources and referral benefits.

JOIN NOW
Menu

Managed Plugin Updates: Plugin Security Alerts

Updated on October 6th, 2021

Note

This article about Plugin Security Alerts applies only to sites enrolled in Managed Plugin Updates. For information about Plugin Security Alerts for all other sites, click here.

Plugin Security Alerts from Flywheel provide site owners and organization members with critical security information via email when a vulnerable plugin is detected on one or more sites.

In addition, the Flywheel dashboard keeps track of plugin vulnerabilities so you can quickly manage and update outdated plugins that could put your site at risk.


Table of Contents:

1. Setting plugin update frequency
2. Email alerts
3. Viewing vulnerabilities on the Flywheel dashboard
4. FAQ


Setting plugin update frequency

Flywheel does not immediately update vulnerable plugins for sites enrolled in Managed Plugin Updates, since these updates run on a set schedule.

For maximum security, we suggest setting your plugin update frequency to daily, which will ensure any vulnerable plugins are updated within 24 hours. If you’d rather stick with a weekly update frequency, any vulnerable plugins will be updated during the next cycle, within 7 days.

And of course you can always update your plugins manually from the WP admin area.

Note

For instructions on how to change the plugin update frequency for one particular site, click here. You can also set the plugin update frequency for all your sites by following the steps here.

Email alerts

If a vulnerable plugin is detected on your site(s) during our nightly scans, you’ll receive an email that lists the sites with the plugin currently installed.

Clicking the site name will take you to the site’s dashboard on Flywheel, where you can learn more about the vulnerability and log in to your site to perform any recommended updates.

Clicking View Details will take you to the Vulnerabilities area of the Flywheel dashboard.


Viewing vulnerabilities on the Flywheel dashboard

Plugins tab

The Vulnerabilities area of the Plugins tab displays information about outdated and compromised plugins. When a vulnerability is detected, click Vulnerability details to view more comprehensive info from WPScan. Click the Update in WP Admin link to log into your site and run any necessary updates.

Managed Plugin Updates page

For a more holistic view of vulnerable plugins across your sites, head to the Vulnerabilties tab of the Managed Plugin Updates page. Here you’ll see a list of plugins: clicking Details for a particular plugin will reveal which site(s) it’s installed on, and includes links to the WP Admin where the plugin can be updated.


FAQ

How often does Flywheel check my sites for vulnerabilities?

Flywheel scans for plugin vulnerabilities on a nightly basis, every 24 hours.

Since I have the Managed Plugin Updates Add-on, do I need to do anything when I see the vulnerability warnings?

Unless your plugin update frequency is set to daily, we suggest manually updating any vulnerable plugins that may pop up in between your regularly scheduled update cycle.

You can always change the schedule of your Managed Plugin Updates Add-on on the Flywheel dashboard.

What does Flywheel do when there are active plugin vulnerabilities found?

Flywheel will send an alert via email and update the site’s Plugins tab and Vulnerability area so you can perform updates as soon as possible.

If you have any questions or concerns about the plugin directly, we’d recommend reaching out to the plugin developer for more information.

I’m not able to set my plugin update frequency to “daily” or “weekly”. What’s wrong?

Sites on Flywheel’s Legacy platform can only be updated on a monthly basis. To move your plan to the Flywheel Cloud platform and gain access to daily and weekly update cycles, reach out to us!

Who will receive these Plugin Security Alerts via email?

The site’s owner or all organization members, if the site is owned by an org.

Where does Flywheel obtain this plugin vulnerability info?

The information is publicly available from WPScan. We cannot guarantee all vulnerabilities will be detected by the plugin researcher.

Was this article helpful?

Getting Started

New to Flywheel? Start here, we've got all the information you'll need to get started and launch your first site!

View all

Account Management

Learn all about managing your Flywheel user account, Teams and integrations.

View all

Billing

Everything about billing, invoices and payments can be found here.

View all

Features

Flywheel hosting plans include a ton of great features. Learn about how to get a free SSL certificate, set up a staging site, and more!

View all

Platform Info

All the server and setting info you'll need to help you get the most out of your Flywheel hosting plan!

View all

Site Management

Tips and tricks for managing your sites on Flywheel, including going live, troubleshooting issues and migrating or cloning sites.

View all

Growth Suite

Learn more about Growth Suite, our all-in-one solution for freelancers and agencies to grow more quickly and predictably.

View all

Managed Plugin Updates

Learn more about Managed Plugin Updates, and how you can keep your sites up to date, and extra safe.

View all

 

Flywheel help

Help is just a click away! Log into the Flywheel dashboard to instantly chat with an expert, open a ticket, or follow along with in-depth documentation. We happily offer support 24 hours a day, 7 days a week, 365 days a year!

Log in

Try Flywheel today

Launch your next WordPress site in minutes.

 Free migrations  24/7/365 support  14‑day demo sites