Menu

All help articles

Plugin Security Alerts: Overview

Updated on March 8th, 2023

Flywheel’s Plugin Security Alerts provide site owners and organization members with critical security information via email when a vulnerable plugin is detected on one or more sites.

In addition, the Flywheel dashboard keeps track of plugin vulnerabilities so you can quickly manage and update outdated plugins that could put your site at risk.

Flywheel provides these alerts for free as part of our standard security package, however, we do not update plugins on your behalf by default. If you’d like us to take that off your plate, sign up for Managed Plugin Updates!

Note

Customers with sites enrolled in Managed Plugin Updates should refer to this article instead.

   Table of Contents:

Email alerts

If a vulnerable plugin is detected on your site(s) during our nightly scans, you’ll receive an email that lists the sites with the plugin currently installed.

Clicking the site name will take you to the site’s dashboard on Flywheel, where you can learn more about the vulnerability and log in to your site to perform any recommended updates.

Note

Plugin Security Alerts will display the plugin name based on the plugin’s slug (internal name used by WordPress), which may differ from the plugin’s marketing name. For example, WPBakery Page Builder’s slug is js_composer. The slug will often correspond to the plugin directory name.

Flywheel dashboard

The Plugins tab of the Flywheel dashboard includes information about outdated and compromised plugins. When a vulnerability is detected, you can hover over the shield icon for more details. Click the WP Admin button to quickly log into your site and run any necessary updates.

FAQ

Why should I keep my plugins up to date?

WordPress sites are most often compromised due to outdated plugins and themes. With Plugin Security Alerts, Flywheel notifies you when your site might be at risk so you can take swift action.

How often does Flywheel check my sites for vulnerabilities?

Flywheel scans for plugin vulnerabilities on a nightly basis, once every 24 hours. Keep in mind that plugin updates may be released by the plugin developer at any time, so if you encounter an at-risk plugin before Flywheel has had a chance to scan your site for the day, you can always check for updates manually from the plugins area of the site’s WP admin.

What does Flywheel do when there are active plugin vulnerabilities found?

Flywheel will send an alert via email and update the site’s Plugins tab so you can perform updates as soon as possible.

If you have any questions or concerns about the plugin directly, we’d recommend reaching out to the plugin developer for more information.

How much does this cost?

It’s free and included in every Flywheel plan!

Who will receive these Plugin Security Alerts via email?

The site’s owner or all organization members, if the site is owned by an org.

Where does Flywheel obtain this plugin vulnerability info?

The information is publicly available from WPScan. We cannot guarantee all vulnerabilities will be detected by the plugin researcher.

I don’t like updating plugins, can Flywheel do it for me?

Sure can! With our Managed Plugin Updates Add-on, plugins on your sites can be updated as frequently as every day. That means any vulnerable plugin should be updated within 24 hours (as long as the plugin developer issues a fix). To learn more about MPU, click here.

Need help?

If you have any questions our Happiness Engineers are here to help!

Was this article helpful?

Yes No
or contact Support

Getting Started

New to Flywheel? Start here, we've got all the information you'll need to get started and launch your first site!

View all

Account Management

Learn all about managing your Flywheel user account, Teams and integrations.

View all

Billing

Everything about billing, invoices and payments can be found here.

View all

Features

Flywheel hosting plans include a ton of great features. Learn about how to get a free SSL certificate, set up a staging site, and more!

View all

Platform Info

All the server and setting info you'll need to help you get the most out of your Flywheel hosting plan!

View all

Site Management

Tips and tricks for managing your sites on Flywheel, including going live, troubleshooting issues and migrating or cloning sites.

View all

Developer Hub

Learn how to connect, deploy, and more with SSH on Flywheel's platform.

View all

Growth Suite

Learn more about Growth Suite, our all-in-one solution for freelancers and agencies to grow more quickly and predictably.

View all

Managed Plugin Updates

Learn more about Managed Plugin Updates, and how you can keep your sites up to date, and extra safe.

View all

Local

View the Local help docs

 

Flywheel help

Help is just a click away! Log into Flywheel dashboard to instantly chat with an expert, respond to a ticket, or follow along with in-depth documentation. We happily offer support 24 hours a day, 7 days a week, 365 days a year!

Log in

Try Flywheel today

Launch your next site on WordPress in minutes.

 Free migrations  24/7/365 support  14 day demo sites
Get started
Features
Flywheel for
Resources
Company
Customers

© 2013–2024 WPEngine, Inc. All rights reserved.
WP ENGINE®, VELOCITIZE®, TORQUE®, EVERCACHE®, and the cog logo service marks are owned by WPEngine,Inc. | Privacy Policy

1WP Engine is a proud member and supporter of the community of WordPress® users. The WordPress® trademarks are the intellectual property of the WordPress Foundation, and the Woo® and WooCommerce® trademarks are the intellectual property of WooCommerce, Inc. Uses of the WordPress®, Woo®, and WooCommerce® names in this website are for identification purposes only and do not imply an endorsement by WordPress Foundation or WooCommerce, Inc. WP Engine is not endorsed or owned by, or affiliated with, the WordPress Foundation or WooCommerce, Inc.