Security FAQ

Elementor takes its responsibility to create secure plugins seriously. Our developers are highly trained to write safe, secure code, and we monitor for vulnerabilities. However, as with all software, even with the level of expertise and scrutiny that we employ, vulnerabilities can sometimes occur. As such, there are things that every web creator should know and do to keep their websites as secure as possible. 

Q: How does Elementor prevent security issues from happening?

A: We have specialized professionals who continuously monitor for potential issues. In addition, we may be notified by people in our community channels, findings from security software makers, and of course our own testing procedures.

Q: Do security issues happen often? 

A: Fortifying security is a continuous process, not just a single effort. Whenever we identify a threat, we always remain vigilant and release a fix as soon as possible.

When we first discover a security vulnerability, we start by examining it and understanding it from each angle. In order not to jeopardize our users before issuing the fix, we keep the reported issue discreet. Once we issue the fix, we can go on to inform users about the vulnerability and its resolution.

Q: What can I do, in general, on my end to prevent security issues from happening?

A: One of the most important steps you can take is to keep WordPress and your plugins up to date, as this will help ensure that any security patches are applied. Other steps include changing your password from time to time, considering the use of security plugins, and being mindful that you only use plugins and themes from known sources such as the WordPress.org repository and established companies that have a strong history of providing quality products. Avoid installing "nulled" plugins and themes as these often contain malicious code, and only keep plugins and themes on your site that you are actively using.

Q: How do I know if and when the security issue has been contained or fixed?  Where do I go for the latest updates about security issues?

A: Follow our social media channels and especially our communities. It will be mentioned there, in our changelog, and when relevant, in a separate email. Please make sure to create an account to receive important updates like these.

Q: Why doesn't Elementor send me a message the moment a vulnerability happens?

A: We do not want to alert abusers to a problem which could cause them to take advantage of the issue. We focus our efforts on getting a fix out there as soon as possible. When the issue is contained, we quickly inform our users via several channels, including email.

Q: I have an old version of Elementor Pro which was not renewed. Am I still safe?

A: Always upgrade to the latest version of Elementor. This advice may be applied to nearly all software. New versions contain security updates, bug fixes, and offer new features. If you want to test a new version before updating your live site(s), we recommend creating a staging area.

For information on specific security fixes, see below.

Security vulnerability solved on version 2.9.4

Q: What steps should I immediately take?

A: Update your Elementor Pro version to the latest one, 2.9.4. Also, head over to Settings » General page in your WordPress admin area. Scroll down to the 'Membership' section and uncheck the box next to the 'Anyone can register' option unless you activated it intentionally and need it for your website.

The vulnerability allows malicious files to be uploaded to the site via the Icon Sets Zip file uploading system. We want to emphasize that this loophole only affects Elementor Pro sites with a specific WordPress option active, namely the 'Anyone can register' option. We have already released a new version of Elementor Pro which resolves this vulnerability with two main fixes:

Only Administrator role users can upload Icon Sets.

Only authorized files can be processed via a ZIP file.

Q: Who is exposed to this vulnerability and to which version of Elementor does this apply? 

A: The exploit uses the Custom Icons zip file upload mechanism to inject malicious files. The Custom Icons feature was introduced in Elementor Pro 2.6. Users with this and later versions (except 2.9.4) might be exposed and should take action to ensure their site's safety. Users whose site is hosted on a server that restricts execution of .php files in the uploads folder are unlikely to be exposed to this vulnerability.

Q: How do I know if my site was affected? 

A: Check your WordPress users list to see if any new unknown user has registered, especially if you control who registers to your site. If so, it still doesn't mean that your site is affected: check your Custom Icons folder in the uploads directory, /wp-content/uploads/elementor/custom-icons/, and look in the inner Custom Icons folders for any unknown .php files. "index.php" is part of the original files. If you find any trace of the items mentioned above, it is likely that your site has been compromised.
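The folder check described above, as an added example (not Elementor's own code): a POSIX shell function that lists PHP-executable files under the custom-icons folder other than the stock index.php. It goes beyond the answer by also matching .phtml, .phar and .php5-style extensions; the function name and the WordPress-root argument are assumptions.

```shell
#!/bin/sh
# Added example: find PHP-executable files in Elementor's custom-icons
# upload folder, ignoring the index.php files the page says are original.

# scan_custom_icons WP_ROOT   (hypothetical helper name)
#   WP_ROOT is the directory that contains wp-content/.
#   Prints one suspicious path per line.
#   Returns 0 = nothing found, 1 = files found, 2 = folder missing.
scan_custom_icons() {
    dir="$1/wp-content/uploads/elementor/custom-icons"
    [ -d "$dir" ] || return 2

    # -iname catches upper/mixed-case extensions such as .PHP;
    # the exclusion is case-sensitive, so INDEX.PHP is still reported.
    found=$(find "$dir" -type f \
        \( -iname '*.php' -o -iname '*.phtml' \
           -o -iname '*.phar' -o -iname '*.php[0-9]' \) \
        ! -name 'index.php' | sort)

    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# When run with a WordPress root as argument, show each hit with its
# modification time, which helps pick a backup older than the upload.
if [ -n "${1:-}" ]; then
    scan_custom_icons "$1" | while IFS= read -r f; do
        ls -l "$f"
    done
fi
```
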

Q: What should I do in case my site was affected? 

A: If you think your site was compromised, delete any unknown users, change the passwords of your registered users, and contact your hosting provider to let them know about the issue for further assistance. Restoring from a backup prior to the infected custom icons library creation date might be a viable solution for you.

"Undefined" error while loading templates

If you see the error message "Undefined" when you try to add a template:

Upgrade your PHP version to PHP7 (back up your website first)

In some cases, the latest version of PHP may cause undefined errors. Although staying up to date with PHP versions is often a good idea, it may cause problems for edge cases. Downgrade to a PHP version one version lower than the latest if this occurs.

Ask your hosting company to increase the timeout value of your server

Ask them also to check the database encoding

Verify that it is not due to a plugin conflict by deactivating all your plugins besides Elementor and Elementor Pro. If this solves the issue, reactivate them one by one to find the culprit.

Check if it is not due to a conflict with a browser add-on by editing in incognito mode with your browser.

How To Use The Elementor Experts Network

Browse, contact, and hire an Elementor Expert or agency based on your project needs.

Our global community of professional designers, marketers and developers are here to help.

The steps to hire an expert are simple:

Take a look around – Explore our pool of talent to see which of our experts could be the best fit for your project.

Narrow it down – Filter the Experts based on your project criteria, such as expertise, location, and price.

Connect with good matches – Decide which Expert you'd like to work with, and contact them by submitting your request.

Note: You can browse our Experts' profiles without creating an account. In order to contact an Expert, however, you'll need to create a free Elementor account.

Login Widget (Pro)

The Login Widget makes it easy to create a custom login page, instead of the default WordPress login page.

How to add a login page to WordPress

Create a New Page, and add the Login Widget

Form fields

Label: Show or Hide the form Label

Input size: Choose the Form Fields input size.

Button

Text: Type the button's text

Size: Choose the size of the button

Alignment: Set the button's alignment

Additional options

Redirect After Login: Set to ON or OFF.

Lost Your Password: Choose whether or not to display the "Lost Your Password" link

Remember me: Choose whether or not to display the "Remember Me" checkbox

Logged in message: Choose whether or not to display a message to a logged-in user

Custom label: Change the default form label and placeholder text

Style

Form

Rows Gap: Set the exact gap between each row

Links Color: Choose the color of the links

Links Hover Color: Choose the color of the links when hovered over

Label

Spacing: Set the exact gap between the label and its corresponding field

Text Color: Choose the color of the label text

Typography: Set the typography options for the label text

Fields

Text Color: Choose the color of the text within the fields

Typography: Set the typography options for the text within the fields

Background Color: Choose the background color of the fields

Border Color: Choose the border color of the fields

Border Width: Set the thickness of the border around the fields

Border Radius: Set the border radius to control corner roundness of the fields

Button

Normal | Hover

The following options can be set independently for both the normal and hover states.

Text Color: Choose the color of the button's text

Typography: Set the typography options for the button's text

Background Color: Choose the background color of the button

Border Type: Select the type of border, choosing from none, solid, double, dotted, dashed, or grooved

Border Radius: Set the border radius to control corner roundness of the button

Text Padding: Set the amount of padding around each side of the text in the button

Advanced

Set the Advanced options that are applicable to this widget

Note: Use your regular WordPress login credentials with the Login Widget

My Dashboard > Services

The Services dashboard allows you to set a starting price for each service you offer. 

Enter a dollar amount in the field to the right of the service, or use the arrow keys to increase or decrease the amount.

I've activated Safe Mode but it didn't solve the problem

If Safe Mode didn't help you to resolve the problem, there are other possible solutions.

Check if you meet the system requirements for Elementor. If you don't meet the memory requirements, edit your wp-config.php file or contact your hosting company and ask them to increase your WP memory by using the following guide.

Try the following: Use the option switch front-end editor loader method. You can find it in the settings of Elementor in your WordPress Dashboard (see the screenshot below). Enable this option and see if it solves the issue.

Sometimes, if your URL in the back-end is different than the one in the front-end it can also lead to this problem. Make sure that the Site Address (URL) is similar to the WordPress Address (URL) to avoid loading issues. These URLs can be checked in "Settings > General".

On some servers, you will have to change the SubstituteMaxLineLength.

In rare cases, the white screen of death can occur because of a program installed on your computer. To rule out this possibility, edit from another computer.

Sometimes, this can happen because of a Fatal error. To confirm this, you can check Elementor > System Info to see if there are any PHP errors logged.

Problems sometimes exist because of an add-on installed on your browser. In this case, you can switch to another browser (It has to be Safari, Chrome, Firefox, or Opera).

A gray page might be due to X frame restrictions. You can see if it is the issue by checking the error messages of your browser console (to do it, right-click with your mouse, select "inspect" and then "console". Error messages are written in red). In this case, you will have to change the X-Frame-Options from DENY to SAMEORIGIN. Please ask your host to do this for you.

Note: If you use traefik and docker then add this to your docker-compose… traefik.frontend.headers.customFrameOptionsValue: SAMEORIGIN

If you use Cloudflare, you will have to switch off Rocket Loader. When Rocket Loader is activated, it can take time to load the editor of Elementor, and sometimes you will get stuck on the gray loading page. Click here for a solution

Note: Safe Mode can be activated only by site admins (i.e. users with administrator privileges) because only they can deactivate plugins. If you are not receiving the Enable Safe Mode option, please ask your site administrator to activate the safe mode and troubleshoot the problem for you. In the case of a multisite setup, only Super Admins can activate Safe Mode.

WooCommerce Widgets (Pro)

With Elementor WooCommerce Builder you can now design your Single and Archive product templates.

Single

Product Title – Control the style and layout of your Product Title

Product Images – Set the image or gallery you wish to display

Product Price – Set the Product Price position and style

Add to Cart – Control the layout and style of the Add To Cart button

Product Related – Set your own style to the Related Products

Product Stock – Add a Product Stock Widget to display the product's stock number

Product Meta – Set the distance between the text, display it stacked or inline, and control the style of your Metadata

Short Description – Control the Short Description layout and style

Product Content – Set your own style to the Product Content

Product Data Tabs – Control the Data Tabs style

Additional Information – Add Additional Information to your product display

Upsell – Set your own style to the Upsell Products

Note: To learn more about WooCommerce Single Product Builder click here

Archive

Archive Title – Control the style and layout of your Archive Title

Archive Products – Set the style and layout of the Archive Products

General

Products – Set your Products content and style

WooCommerce Breadcrumbs – Control the colors and layout for WooCommerce Breadcrumbs

Custom Add to Cart – Add an Add To Cart button anywhere on your site

WooCommerce Pages – Display a WooCommerce page (e.g. Cart page, Checkout page, etc.) anywhere on your site

Menu Cart – This special custom widget opens the cart in a window. It is best practice to use it in your Header. You can display your cart from any page of your website without leaving it

Important! In order for the WooCommerce Builder to work, you need Elementor Pro 2.1 + WooCommerce 3.4 or higher.

Lottie Widget (Pro)

Lottie widgets are small animated elements which are rendered from .json files. Simply upload or reference an external .json file and adjust as desired.

Content

Lottie

Source: Select the source of the Lottie file, either Media File or External URL

Upload JSON file: If Media File is chosen as the source, click here to upload the .json file from your computer.

External URL: If External URL is chosen as the source, enter the URL here

Alignment: Align the widget to the left, right, or center

Caption: Select the caption to be used, which was assigned to the file in the Media Library, choosing either None, Title, Caption, or Custom. If Custom is selected, you can enter your own caption here.

Link: Select Custom URL if you wish to enter a link for the element or select None for no link.

Settings

Trigger: Choose what will trigger the animation to begin, selecting from Viewport, On Click, On Hover, Scroll, or None.

Viewport: This option is only available if either Viewport or Scroll is selected as the trigger. Select the position within the viewport at which the element will appear and when it will disappear.

Effects Relative To Scroll: This option is only available if Scroll is selected as the trigger. Select whether the scroll position is relative to either Viewport or Entire Page.

Loop: Choose No or Yes to continuously loop the animation

Number of Times: This option is only available if Yes is selected for Loop. Enter the number of times you wish to have the animation loop before stopping.

Play Speed (x): Increase or decrease the speed at which the animation plays

Reverse Animation: Select Yes to reverse the animation

Start Point: Select at which point the animation will begin

End Point: Select at which point the animation will end

Renderer: Select either SVG or Canvas to render the graphics.

Lazy Load: Select Yes to lazy load this element or No to load it immediately

Style

Lottie

Width: Set the width of the element

Max Width: Set the maximum width of the element

Opacity: Set the Opacity for Normal and Hover states

CSS Filters: Set CSS Filters: Blur, Brightness, Contrast and Saturation for Normal and Hover states

Transition Duration: Set the amount of time before hover transition takes effect, in milliseconds

Security Note: Please be careful about uploading Lottie JSON files from an unknown source. JSON files may potentially include malicious content. Elementor does initiate actions to sanitize the files, but there are some risks involved nonetheless. Make sure you only upload trusted files and do not allow the option to upload unfiltered files unless you understand the risks involved.

Breadcrumbs Widget (Pro)

Elementor's Breadcrumbs Widget works with the popular Yoast SEO Plugin. So to use this widget, INSTALL YOAST SEO.

Content

Alignment: Set the Alignment.

HTML Tag: Choose an HTML Tag

Note: Additional settings are available in the Yoast SEO Breadcrumbs Panel

Style

Typography: Click the icon to design the typography using Elementor's design options

Text Color: Set the color for the text

Link Color: Set the color for the link. Set it for Hover as well

How To Contact An Elementor Expert

You must be logged in to your account to contact an Expert.

If you are not logged into your Elementor account, either log in or create a new account if you would like to contact an expert.

Once you are logged into your Elementor account, you can contact an Expert by clicking the Hire Me button on their profile. Fill out the contact form. Your correspondence with the Expert will then continue via email.