Elementor’s Add-on Relations team hosted a first-of-its-kind video webinar for third-party add-on developers from all over the world discussing the fundamentals of Elementor add-on security. Elementor, as well as Elementor add-on developers, share the joint mission of keeping Elementor-built websites secure, compatible, and stable and ensuring the best user experience. With that in mind, we addressed some of the most important topics relating to Elementor add-on development and cybersecurity.

Elementor ranks as the #4 most popular WordPress plugin, and so the more developers choose Elementor as their preferred platform to extend and expand, the more awareness needs to be spread about add-on security and how to implement its best practices. We discussed this during our session so that every step (and every result) of any developer’s Elementor dev processes will be safeguarded against breaches and security abuse.

Best Practices for Secure WordPress Development

In our webinar, we engaged with Elementor add-on developers about secure add-on development best practices, accompanied by the following topics:

  • Common WordPress vulnerabilities; what they are and how we deal with them at Elementor

Among others, we noted Cross Site Scripting (XSS), where your website runs scripts that it is not meant to run. This can occur when, for example, you inject un-sanitized code into your website. The vulnerability can give an attacker access to a user’s browser cookies and lead to privilege escalation and even JS-based attacks. Our experts spelled out some XSS prevention rules for you to adopt to keep this from happening to your Elementor add-on.

Other vulnerabilities we discussed were Cross Site Request Forgery (CSRF), File Upload vulnerabilities, and unauthorized user creation (`get_option( 'users_can_register' )`). Watch the full webinar to learn how you can avoid these situations.
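To make the XSS point above concrete, here is an added example (not code from Elementor or from the webinar) that renders the same widget settings once without escaping and once with WordPress's `esc_url()`, `esc_attr()` and `esc_html()`. The function names `demo_render_unsafe` and `demo_render_safe`, the settings keys and the sample values are hypothetical, and the small stand-in escapers exist only so the file also runs outside WordPress.

```php
<?php
// Added example, not Elementor's code. Inside WordPress the real escaping
// functions are used; outside it, these minimal stand-ins are defined.
if ( ! function_exists( 'esc_html' ) ) {
	function esc_html( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
	}
	function esc_attr( $text ) {
		return htmlspecialchars( (string) $text, ENT_QUOTES, 'UTF-8' );
	}
	function esc_url( $url ) {
		// Stand-in assumption: accept only http(s) URLs, then encode them.
		$url = trim( (string) $url );
		if ( ! preg_match( '#^https?://#i', $url ) ) {
			return '';
		}
		return htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' );
	}
}

// Vulnerable: saved widget settings are written into the markup unchanged.
function demo_render_unsafe( array $settings ) {
	return '<a class="demo-card" href="' . $settings['link']
		. '" title="' . $settings['tooltip'] . '">'
		. $settings['title'] . '</a>';
}

// Hardened: each value is escaped for the context it lands in
// (URL attribute, plain attribute, element text).
function demo_render_safe( array $settings ) {
	return sprintf(
		'<a class="demo-card" href="%s" title="%s">%s</a>',
		esc_url( $settings['link'] ),
		esc_attr( $settings['tooltip'] ),
		esc_html( $settings['title'] )
	);
}

// Constructed sample settings with markup in every field.
$settings = array(
	'title'   => 'Sale <script>alert(1)</script>',
	'tooltip' => '" onmouseover="alert(1)',
	'link'    => 'javascript:alert(1)',
);

echo demo_render_unsafe( $settings ), "\n";
echo demo_render_safe( $settings ), "\n";
```

In the hardened output the script tag and the injected attribute arrive as inert text, and the non-http link is dropped.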

  • The measures Elementor in-house professionals take in order to avoid security pitfalls

Security is a daily routine at Elementor, and we shared how we practice security when writing our own code. We mentioned that we integrate automatic checking and linting into our Integrated Development Environments (IDEs) and that we rely heavily on continuous integration, using the GitHub action in Elementor. We recommend you use similar practices with your own product. Yes, you’ll need to invest some time with the setup, but it’s a one-time task and worth the effort.
Our expert developers noted that we constantly run PHP Code Sniffer, which you too can use on your entire code base before you release a new version.

Securing the Elementor Third-Party Ecosystem

With over 1,000 free Elementor add-ons and more than 400 add-ons available on various markets, Elementor’s add-on ecosystem is growing exponentially. Elementor add-ons available on the WordPress repository have accumulated over 6 million active installs, while the premium add-ons have sold over 60,000 units on CodeCanyon alone. Popular add-ons such as Ultimate Addons, Essential Addons, and Dynamic.ooo have attracted a significant user base by hopping on the Elementor bandwagon in its early days, offering an impressive number of extended capabilities to the already rich Elementor widget pool.

Whether it’s to generate additional income, help a client on a project, or just to help the Elementor community, each and every Elementor add-on developer has his or her personal reasons for investing valuable time in add-on development. However, all developers share a common goal: to enhance Elementor’s capabilities, utility, performance, and design features. In order to make that happen to maximum capacity, each aspect of functionality needs to be 100% secure.

We’re Forever Committed to Our Add-on Developers

Working hand-in-hand with our Elementor add-on developers is the foundation of our mission as web creation leaders. For our users, the stability of the Elementor platform and the seamlessness of its web creation experience are what we live for at Elementor. 

In kind, securing this stability and user-friendly experience is a priority of the highest regard. Always keep in mind that your workflow is important to us, and we’re constantly evaluating how to make it even better.

This security webinar specifically has been requested and anticipated for some weeks now, with the growing number of threats that arise as Elementor becomes more and more popular. We see it as our duty, both towards add-on developers and towards our user base, to share our experience and knowledge, and to continuously keep our partners up-to-date on issues that may be of concern, especially when they are security-related.

What’s Next?

As part of our mission, we make sure that Elementor add-on developers always keep a pulse on version releases and feature updates, events going on, webinars like this one, and more. We’re planning on hosting many more future webinars, catered to the needs and requests of our Elementor add-on developers. 

If you have suggestions or insights about topics we can delve into, please let us know in the comments. We also encourage you to email us at [email protected] to start soaring without borders in your add-on development work.