Update: March 29th DDoS Attack

Since March 29th, the Elementor website is under a heavy DDoS attack and suffering some intermittent outage. Here are the details of what is happening.

At around 11:00 PM EST on March 29, the Elementor site was down due to a DDoS attack. Unlike the usual stream of attacks we handle on a daily basis, this attack was on a scale that usually targets bank or government sites. It was done at night and during the weekend, with the intention that we would be less equipped to deal with the matter during this time.

What is DDoS?

DDoS attacks are the biggest website threat of our times. It is a worldwide phenomenon, and like every growing company, we are continually working on decreasing our exposure to the possibility of attacks.

If you don’t know what a DDoS attack means, here is a brief analogy. Think of it as a room that has the capacity for 100 people, and suddenly thousands of people try to get in, and have to ‘wait in line’. Our servers are powerful and equipped to deal with millions of requests, but this attack was immeasurable.

With over 4B requests and over 20TB in volume, the attack continued for almost 24 hours and restricted users from logging in to the site, purchasing Pro plans, and viewing their license key and account details.

What Exactly Happened

It’s important to understand that this was ONLY an attack and not a hack. Your data remained safe throughout the ordeal, and our servers were never jeopardized. Elementor and Elementor Pro plugins were not affected, and your sites were unaffected as well.

We understand that due to the site outage, some of our users may have experienced some delays while working on projects. In our eyes, this was an attack not only on our servers, but on the millions of individuals who use Elementor. For those affected, we empathize with the impact this attack had on your business.

What We Did

Throughout the attack, our Cyber Security team was diligently toiling to fix the disturbance in order to resume our site services.

As of yesterday 2:00 PM EST, the site is back up and fully operational. We have been working throughout the day to thwart the continuous attacks, but the site is still being bombarded by bots. We ask for your continued patience as we work to strengthen our cybersecurity against possible future high-volume attacks.

We have not yet found the culprit, and once we have more information we will release another update. If you are experiencing additional issues related to this incident, please contact our support team.

Plan of Action

Elementor is making adjustments to its DDoS protection system and team to better mitigate against these types of attacks.

There are several measures being undertaken:

  • Advising with external cybersecurity specialists and companies regarding better prevention methods.
  • Strengthening our staff on weekends, and setting better protocols for communication.
  • Building new procedures and guidelines to help us relay these matters to our community faster.
  • Examining further prevention technologies for sitewide implementation.

A special thanks go to the admins of the Elementor community, who helped us respond to questions posted by users and relayed the details of the attack.

As we grow, the role of the Elementor website is becoming more critical for our users; as a source of education, knowledge, and communication with our team. Offering you continuous access to the Elementor site is a top priority. We’re doing everything in our power to ensure these types of outages will not recur.

Over the past three years, Elementor has grown to become one of the largest and most reliable companies in the WordPress world. We have an amazing community who has shown us wonderful support and patience throughout this ordeal. We don’t take any of it for granted. Your trust means everything to us; you can rely on Elementor to be there when you need us.

About the Author

Ben Pines
Ben Pines
Elementor evangelist & head of content. Follow me on Twitter

Share on

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp

Liked This Article?

We have a lot more where that came from! Join 877,316 subscribers who stay ahead of the pack.
By entering your email, you agree to our Terms of Service and Privacy Policy.

Comments

23 Responses

  1. They use Cloudflare according to my DNSlytics Chrome extension. I’ve never put too much faith in Cloudflare being able to stop anything. IMHO

  2. Yes I understand what trouble elementor and team plus users have experienced…but hats off you guys have handled things well…I suggest changing license keys of registered users as a security

  3. Great to see you have come out of it quickly but the culprit needs to identified & publicly made known so that future they don’t try these circus.

  4. DDoS is every online person’s nightmare. I genuinely feel for you all. Thanks for getting it sorted so quickly and giving a speedy response.

    1. I wonder which Cloudflare plan they’re on and which host / Cloud plarform they’re using (Cloud services have HTTPS load balancers too but even those have limits and make you pay for higher request volumes)! Also, would Wordfence or Sucuri plugin help at all in this event? I understand Sucuri has its own CDN too.

  5. Only great people are target of a DDoS attack and this time it was aimed to the best WP developing platform available. Thanks team for the great job and prompt response in this case. Keep it up!

  6. I know its really a bad when we do hard work and a single virus spoil our hole work. I really happy that you resolve this problem due to your team management. I suggest that you should use some security router and a good secure server.

  7. As a web hosting provider, I personally suggest you guys to use premium DDoS services. Most usually, cloudflare just filters out HTTP attacks. But many DDoS happen on other protocols as well. Like to say, mail Port and all. FYI, there are 7 layers of attack and cloudflare just protects a single layer.

    Adding a Sucuri advanced (which is meant for enterprises) ddos should help in most cases.

  8. Well done guys. Being a target to such level of attack speaks a lot about your positions and impact in the WP world. It reassures me that you are the best and continue to be the best. I am also assured of your capability to keep your clients safe.
    Elementor will continue to excel.

  9. Só jogam pedra em arvores que dão frutos, Continue a crescer, a equipe e o produto de vcs são a referencia de bom trabalho a nível mundial.

    ( Only throw stones in trees that bear fruit, Keep growing, the team and product of you are the reference of good work worldwide. )

Leave a Reply

Your email address will not be published. Required fields are marked *

Want to learn how to build better websites?

Join 877,316 Elementors, and get a weekly roundup of our best skill-enhancing content.

By entering your email, you agree to our Terms of Service and Privacy Policy.