Millions of people around the world have leveraged the awesome power of WordPress to build their sites.  Whether for personal or business use, WordPress has the flexibility and functionality to create just about any type of site you can dream of.

A large part of this flexibility comes from the power of plugins, but that’s the problem.  With thousands of plugins available, there are lots of opportunities for hackers.

Recently, the authors of the Elementor WordPress plugin released an update (version 3.6.3) which addresses a critical security flaw that allowed unauthorized users to execute code remotely.  The issue put nearly half a million websites at risk, so the company moved quickly to address it.

Elementor’s user base has been quick to embrace the security patch with about a million of the plugin’s users having already updated.  Unfortunately, that still leaves about five hundred thousand users who are vulnerable.

If you have incorporated Elementor into your website’s design and functionality, check to see what version you’re running.  If you’re running anything before 3.6.3 then your site is at risk, and you should update as soon as possible.

WordPress manages their sprawling global empire with surprising efficiency, and carefully tracks security threats introduced by plugin security flaws.  Kudos to both WordPress and the development team at Elementor for finding and acknowledging the issue, then moving quickly to make sure it was resolved.

In our view this is model behavior that companies in any industry can learn from.  There was a lot of transparency here right from the start.  Everyone involved with and responsible for the software was responsive and took fast action, making the fix available quickly.

Kudos all around.  This is how it should be done!