At around 11:00 PM EST on March 29, the Elementor site was down due to a DDoS attack. Unlike the usual stream of attacks we handle on a daily basis, this attack was on a scale that usually targets bank or government sites. It was done at night and during the weekend, with the intention that we would be less equipped to deal with the matter during this time.
What is DDoS?
DDoS attacks are the biggest website threat of our times. It is a worldwide phenomenon, and like every growing company, we are continually working on decreasing our exposure to the possibility of attacks.
If you don’t know what a DDoS attack means, here is a brief analogy. Think of it as a room that has the capacity for 100 people, and suddenly thousands of people try to get in, and have to ‘wait in line’. Our servers are powerful and equipped to deal with millions of requests, but this attack was immeasurable.
With over 4B requests and over 20TB in volume, the attack continued for almost 24 hours and restricted users from logging in to the site, purchasing Pro plans, and viewing their license key and account details.
What Exactly Happened
It’s important to understand that this was ONLY an attack and not a hack. Your data remained safe throughout the ordeal, and our servers were never jeopardized. Elementor and Elementor Pro plugins were not affected, and your sites were unaffected as well.
We understand that due to the site outage, some of our users may have experienced some delays while working on projects. In our eyes, this was an attack not only on our servers, but on the millions of individuals who use Elementor. For those affected, we empathize with the impact this attack had on your business.
What We Did
Throughout the attack, our Cyber Security team was diligently toiling to fix the disturbance in order to resume our site services.
As of yesterday 2:00 PM EST, the site is back up and fully operational. We have been working throughout the day to thwart the continuous attacks, but the site is still being bombarded by bots. We ask for your continued patience as we work to strengthen our cybersecurity against possible future high-volume attacks.
We have not yet found the culprit, and once we have more information we will release another update. If you are experiencing additional issues related to this incident, please contact our support team.
Plan of Action
Elementor is making adjustments to its DDoS protection system and team to better mitigate against these types of attacks.
There are several measures being undertaken:
- Advising with external cybersecurity specialists and companies regarding better prevention methods.
- Strengthening our staff on weekends, and setting better protocols for communication.
- Building new procedures and guidelines to help us relay these matters to our community faster.
- Examining further prevention technologies for sitewide implementation.
A special thanks go to the admins of the Elementor community, who helped us respond to questions posted by users and relayed the details of the attack.
As we grow, the role of the Elementor website is becoming more critical for our users; as a source of education, knowledge, and communication with our team. Offering you continuous access to the Elementor site is a top priority. We’re doing everything in our power to ensure these types of outages will not recur.
Over the past three years, Elementor has grown to become one of the largest and most reliable companies in the WordPress world. We have an amazing community who has shown us wonderful support and patience throughout this ordeal. We don’t take any of it for granted. Your trust means everything to us; you can rely on Elementor to be there when you need us.