WordPress hosting company SiteGround recently released an urgent article stating that Elementor version 3 has a critical security vulnerability.
The vulnerability could allow a user who is registered on your website - including subscribers - to upload a zip file, pretend that zip file is a new version of Elementor, and allow them to gain full access to your website.
Patching the security vulnerability
To ensure that your website is not at risk, you will need to log in the back-end of your website, conduct a full backup and update Elementor to the latest version. This is Elementor 3.12 at the time of writing.
The vulnerability occurs in earlier versions of Elementor from 3.0 to 3.2.
If you are unsure of whether your website is at risk or how to update Elementor, we highly recommend that you reach out to your web developer.
Why would someone want to hack "my" website?
Hackers love finding easy targets like small to medium sized business websites. In contrast, large targets like banks, spend millions of dollars per year keeping hackers out, and have scores of teams monitoring hack attempts.
Once a hacker has access to a website, they can easily choose an item from their menu of devious tasks. We've hand picked five common reasons:
- Run code in the background to access other systems in your organisation, e.g. an email system.
- Create a fake page on your website then spam your clients into clicking to that fake page. Your clients would enter important information into that page. The information goes to the hacker instead of your organisation.
- Create a fake page on your website that looks like another website, e.g. a bank. They then spam the general public into clicking that fake page and steal people's personal data. This is an favourite of hackers because they never have to pay for website hosting - they just piggyback off your existing site.
- Steal information from the back-end of your website - especially if you have an ecommerce or membership website.
- Redirect your website to their own website - this helps them with SEO.
How to prevent these vulnerabilities occurring in the future
Today businesses need to stay on top of all their online assets including websites, email platforms, CRM systems, data storage and phones.
To ease the burden of this, a lot of IT companies and some agencies will offer a website maintenance package.
If you would like to chat to our team about your website's possible vulnerabilities, please request this via our online form.
