As website owners become savvier, hackers have to find sneakier ways to break into sites. Unfortunately, they have once again found a backdoor way to hack into websites. The latest breach affected over 7 MILLION websites. Learn more about the recent security issues with the Elementor WordPress plugin and what you need to do about it.
Elementor WordPress Plugin
A lot of new website creators opt to purchase bundled themes to create their sites. The thinking is that a bundle will have everything you need…like one-stop shopping. Unfortunately, these bundles create more headaches that cost you more time and money to fix. We recently talked about issues with ThemeForest themes, and the Elementor WordPress plugin is commonly bundled with their products. If you purchased Elementor by itself, you are probably already aware of the security breach. Odds are that you have it via a bundled deal, and potentially have a ticking time bomb lurking on your website.
Plugins that come packaged with themes don’t include license keys, so you won’t be able to update them. Additionally, many ThemeForest themes suppress update notifications for bundled premium plugins, so you might not even be aware that an update is available. Run, don’t walk, to see if Elementor is on your site. Then come back here to learn how to fix it.
Cross Site Scripting – XSS
So what exactly did hackers manage to do with the Elementor WordPress plugin? The flaw is called an XSS, or Cross-Site Scripting, vulnerability. With this type of attack, a malicious script is uploaded to the site via the plugin. This script, a piece of code that runs in the browser of anyone who views the affected page, then collects and steals data from website users and visitors. If a visitor also happens to be an administrator on the site, then the hackers could take over the site. This is a serious security breach.
The Solution
Elementor patched the issue when they became aware of it. To eliminate the threat, you will need to update the plugin on your WordPress site. If you are running a version of Elementor older than 3.2.0, you need to update it immediately. Unfortunately, if you purchased a bundled theme and don’t have the plugin’s license key, you might not be able to update it. If that’s the case, consider deleting the plugin or purchasing your own version to improve your site’s security.
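To run the version check described above on the server itself, this added shell example (not from Elementor or from this article's original text) reads the version from the plugin's header on disk and compares it with 3.2.0, which works even when a theme suppresses update notifications. It assumes the default plugin location `wp-content/plugins/elementor/elementor.php` and a `sort` that supports `-V`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report whether the Elementor copy on disk predates 3.2.0.
FIXED_VERSION="3.2.0"   # threshold stated in the article

# Print the "Version:" value from a WordPress plugin header comment.
plugin_version() {
    sed -n 's|^[[:space:]*#]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*$|\1|p' "$1" |
        head -n 1
}

# Return 0 when version $1 is strictly older than version $2 (uses sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_elementor WP_ROOT
# Prints a status line; returns 0 = ok, 1 = outdated, 2 = not installed,
# 3 = installed but no version header found.
check_elementor() {
    # Assumed default path for a standard WordPress layout.
    main_file="$1/wp-content/plugins/elementor/elementor.php"
    if [ ! -f "$main_file" ]; then
        echo "not-installed"
        return 2
    fi
    ver=$(plugin_version "$main_file")
    if [ -z "$ver" ]; then
        echo "unknown-version"
        return 3
    fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "outdated $ver"
        return 1
    fi
    echo "ok $ver"
    return 0
}

# Stand-alone use: sh check_elementor.sh /path/to/wordpress
if [ "$#" -gt 0 ]; then
    check_elementor "$1"
fi
```

An `outdated` result on a site where the dashboard shows no pending update is the bundled-plugin situation described earlier: the plugin needs to be replaced or removed by hand.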
Luckily, there is an alternative to bundled themes on the horizon. DIY website builders who want to create custom WordPress sites won’t have to rely on bundled themes anymore. Keep an eye out for WebWiskee, the affordable, DIY website-builder that makes it easier than ever to take your shot and build the business you’ve always wanted. Until this soon-to-be-launched venture opens for business, Houndstooth Media Group can check your site for security issues. Our Website Technical Audit gives you peace of mind knowing that your site is running safely and securely.