Elementor takes its responsibility to create secure plugins seriously. Our developers are highly trained to write safe, secure code, and we monitor for vulnerabilities. However, as with all software, even with the level of expertise and scrutiny that we employ, vulnerabilities can sometimes occur. As such, there are things that every web creator should know and do to keep their websites as secure as possible.
How does Elementor prevent security issues from happening?
We have specialized professionals who continuously monitor for potential issues. In addition, we may be notified by people in our community channels, findings from security software makers, and of course our own testing procedures.
Do security issues happen often?
Fortifying security is a continuous process, not just a single effort. Whenever we identify a threat, we always remain vigilant and release a fix as soon as possible.
When we first discover a security vulnerability, we start by examining it and understanding it from each angle. In order not to jeopardize our users before issuing the fix, we keep the reported issue discrete. Once we issue the fix, we can go on to inform users about the vulnerability and its resolution.
What can I do, in general, on my end to prevent security issues from happening?
One of the most important steps you can take is to keep WordPress and your plugins up to date, as this will help ensure that any security patches are applied. Other steps include changing your password from time to time, considering the use of security plugins, and being mindful that you only use plugins and themes from known sources such as the WordPress.org repository and established companies that have a strong history of providing quality products. Avoid installing “nulled” plugins and themes as these often contain malicious code, and only keep plugins and themes on your site that you are actively using.
How do I report security bugs to Elementor?
Not only does Elementor encourage reporting security bugs, we offer rewards to people who report particularly important issues. Report a bug or find out more about this program at our Bug Bounty page.
How do I know if and when the security issue has been contained or fixed? Where do I go for the latest updates about security issues?
Follow our social media channels and especially our communities. It will be mentioned there, in our changelog, and when relevant, in a separate email. Please make sure to create an account to receive important updates like these.
Why doesn’t Elementor send me a message the moment a vulnerability happens?
We do not want to alert abusers to a problem which could cause them to take advantage of the issue. We focus our efforts on getting a fix out there as soon as possible. When the issue is contained, we quickly inform our users via several channels, including email.
I have an old version of Elementor Pro which was not renewed. Am I still safe?
Always upgrade to the latest version of Elementor. This advice may be applied to nearly all software. New versions contain security updates, bug fixes, and offer new features. If you want to test a new version before updating your live site(s), we recommend creating a staging area.