Select Page

Flywheel decides to invest a huge amount in security so that all of its customers will stay up to the maximum safety standards. This article will try to emphasize all of the aspects that Flywheel offers and the processes that it implements to maintain servers and webpages under full protection. Let’s begin with certain basic rules that operate on server and system level and start moving to more particular features and add-ons that users could use and activate on a website.

WordPress core files are locked

Another of the good things regarding WordPress would be that it’s all built almost at the same core application It enables theme and plugin developers  to build amazing designs and tools that could be used by anyone operating with WordPress.

One of several not-so-great issues regarding WordPress is that the same core that helps make theme and plugin  development simple also can make it easy to distributed malware. Hackers like the code provided by a great amount of people because it enables their malicious modifications through one piece of code to achieve extensive damage. What better place to create these modifications than the file set each WordPress website is ensured to have: the WordPress core?

No one can modify your Core wordpress files on Flywheel.

Everything within your WordPress setup is kept locked, apart from your custom content Would someone like to modify your wp-config.php file to package weird products on your website? Not on flywheel server!

Automatic WordPress Update

In order to avoid outsiders from interfering with your material, they make sure your website is operating the latest and most popular wordpress version  These updates sometimes include security fixes that close any windows and doors which attackers might just have found in the previous editions.

On Flywheel, such updates are fully automatic and happen regularly in under a few days of release.

Certificates for SSL

When your website collects information about users (e.g. personal contact information, credit card data for online payments,  or login form) you would like to be seen as a secure place on the world wide web website to leave a certain kind of information. Google also will rate your site more if it is running with an Secure Socket Layer (SSL) certificate.

Flywheel will provide all of its users with Let’s Encrypt Simple SSL certificates. Certificates could be configured after just a few clicks on the Flywheel control panel. And then you can protect over than one domain for same website as in August 2020 if Flywheel published Multiple Domain support.

Certificates were also valid for 90 days and Flywheel is responsible for the process to renew SSL Certificates for all the online sites they handle.

Intelligent IP blocking system

Smart Ip blocking on Flywheel detects and blocks attackers throughout all websites on their servers in seconds.

Flywheel monitor common hacker points of entry and instantly lock out certain IP address you’re attempting to get it through. These points shall include:

  • Failed attempts to access SSH
  • Failed to log in WordPress
  • WordPress Spam Comments
  • Connections to XMLRPC

Flywheel uses a range of methods to block traffic, beginning with trying to prevent malicious activity IP addresses from trying to open a server session, which is a really serious and immediate action. A further softer level of protection that they provide is their proprietary caching blacklist. This strategy identifies “banned” attempts to access and shows a cached page to the viewer declaring that their access has been prohibited.

This procedure stops connecting to the upper layers of the Flywheel software stack and uses the smallest system resources while still offering an easy-to-use response. In rare instances when a customer has lost their password and continues to try multiple times in just a few minutes, they can see a ban webpage but it will be displayed with easy, on-screen commands to have their IP un-banned.

Since prohibited IP information is collected across sites, they are developing some kind of “herd immunity” to malicious hackers in real – time basis as the threats take place. So your site is secured from attackers before they could even start attacking your website.

Free removal of malware

Also as consequence of their monitoring and audit  procedures , Flywheel is continuously on guard against malicious software or malware on their servers. Hacker server failures are rare, and Flywheel is investing a lot of effort to maintain the attackers away.

In case anything happens or customers experience malware problems the Flywheel team support  will assist their customer to remove malware. This service is free with all users of Flywheel and their agency has had a number of projects in which Flywheel has been coordinating with their development team to start cleaning up client websites that have come up with issues from other hosts.

Access to SFTP

Making website updates thru file transfer apps such as WinSCP, FileZilla,  Cyberduck, or other software that operates by connecting to a server using SFTP (Secure File Transfer Protocol) is a much better choice than conventional transfer protocols. SFTP utilizes secure encryption to secure all data during the transfer process. Encryption can protect data from being exposed on the Internet to outside organizations.

A common issue with FTP as well as SFTP access is that almost every single site can have access to it via the transfer protocol. If users operate on and manage single or two websites, these are probably not going to be an issue for you. But if you really need direct access  to  10, 20, 30 or even more websites, it’s not easy to take care of all these credentials.

What Flywheel provides for you is a single SFTP login with all your websites in just the same account on Flywheel . Credentials are the same as the username and password that you created for Flywheel control panel login. Inside your server-side SFTP customer, you should see all the websites arranged by their owners. Whenever you need to give or revoke access to anyone, please add them as Partners by having entered their email. Easy as that.

Attempts Limited Login

Brute Force Attacks are among the most popular ways that intruders can access a WordPress website. Flywheel protect against this both on the website and on the server – side; numerous failed attempts mean that unauthorized attacker could never get inside.

Conclusion of Flywheel Security Review

Getting your website hacked completely sounds horrible. No one likes to get distasteful ads to appear on their homepage, or to get spam out of their email. If your website is hacked, they will help to clean it up as well as provide recommendations about how to safeguard your website from the scratch!