ELEMENTOR PRO USER? YOU NEED TO READ THIS!

For the last 7 years, I have been using WordPress to drive my online business. WordPress is perhaps the most crucial tool in any SEO’s set of tools. To put things into perspective, it has been installed over 455,000,000 times, which means that it is currently being used by 35% of website owners who can attest to its true potential.

There is a limitless number of plugins and theme combinations that help make it the ideal platform for those who aren’t that deep into tech. With WordPress, everyone now has an opportunity to turn their dreams and ideas into a reality before an awaiting online audience.

Unfortunately, this is the same aspect of WordPress that makes it a haven for malicious “black hat” marketers who can hack into your site and cause it malfunction, and they recently managed to do this on a large scale.

If you are an Elementor Pro user, then you may have been affected.

And you might not have even realized it.

ELEMENTOR PRO VULNERABILITY

On the 6th of May, Wordfence published an article that revealed how 1 million sites might be at risk of an active attack.

Attackers exploited a weakness in Elementor Pro’s security to redirect website visitors to their own websites and even take total control of the website.

However, the Elementor team took quick action to fix this flaw, and users were asked to update to the latest version immediately.

While the update gave many users peace of mind, including me, I later found out that the attacker already had access to a majority of the sites that we manage and that the update wouldn’t be of much help.

Just keep in mind that in case your website has already been affected, then updating it won’t fix it.

WHAT CAN AN ATTACKER DO WITH MY WEBSITE?

If the attack is executed perfectly, then this specific attack will install a web shell known as “wp-xmlrpc.php” – it has been named this way so that it can blend with your system files.

A web shell grants the attacker complete access to your website and in most cases, your server, and this means that they are able to:

Add, modify, or delete content
Add links for SEO value
Redirect your traffic to their sites
Remove everything
Do anything else

What’s more, in case you are using WooCommerce, then the hacker might also get access to your customer data.

HOW CAN ONE FIND OUT IF THEIR SITE HAS BEEN HACKED?

You don’t need to be tech-savvy to figure out if your website has been compromised.

You just need to follow the following steps:

1. REVIEW WORDPRESS USERS

One of the most obvious signs that an authorized party has attempted to take advantage of the Elementor Pro vulnerability is a new user on the site.

Receiving an email from WordPress notifying you that a new user was created between the first or second week of May is a surefire way of knowing that you have been hacked.

First, use your admin account to log into your WordPress admin area and then browse to the “Users” section.

Be on the lookout for suspicious or unfamiliar usernames.

WebARX has released a list of all the identified usernames that have been used in the attack, as of now.

In cased one of the usernames appears in your panel, then you need to rush immediately to If You’ve Been Hacked.

Please note that just because you don’t find an unfamiliar username, it doesn’t mean that your website is safe.

2. REVIEW YOUR FILES

Use FTP/SFTP/File Manager to go through your WordPress files.

While still on your WordPress root folder, which is normally the first folder that you see after logging in. Search for a file named wp-xmlrpc.php.

In case you find such a file, then the attacker managed to gain access. Trying to delete this file won’t help the situation at all.

Review /wp-content/uploads/elementor/custom-icons/

In case you find any files that seem out of the ordinary or unfamiliar to you, then it might have probably been planted by a hacker.

3. PERFORM A SECURITY SCAN

In case you utilize a web hosting company that manages this for you, such as WPX Hosting, WPEngine, SiteGround, and so on, then they should do this for you.

Instead of performing your own scan with Wordfence or Sucuri, this is usually a better option since your host might have the permission to scan system files that these plugins might not have access to.

While common free WordPress security plugins can detect an alteration in the WordPress core files, they can’t guarantee that a clean scan result translates to a safe site.

Paid subscribers those tools are normally covered by a firewall, and it is most likely that the attack failed.

4. VISIT YOUR SITE

In case you have visited your own site and you were redirected to another site, then you might have been hacked.

No one actually knows the manner in which the malicious redirect works.

Check your website using the following techniques:

Visit your website through a proxy
Use other browsers while in Incognito or Private mode.
Click through your website from Google or Social Media

If, after doing any of these, you were redirected to another website other than your site, then you might have been hacked.

WHAT IF YOU HAVE BEEN HACKED OR YOU ARE NOT CERTAIN?

ROLLBACK TO A PREVIOUS VERSION

Most web hosts provide a 14 to 30 days backup feature. Maybe, just maybe, you will come across this article in time in case you have been compromised. If so, you can roll your website back to any date before the attack.

Keep in mind that in case your backups have been stored on your server with anything like Updraft, then there is a possibility that they might be affected too.

HOW TO FIND OUT WHEN YOU WERE ATTACKED

WordPress normally shows registration times and dates by default.

Install Admin Columns Plugin

Make sure you enable the “Registration” column for “Users” in the plugin setting.

After doing this, when you visit the WordPress ‘Users’ page, you will see a new column displaying the date that the masquerading user was created.

Or in case you have your server access logs, then you can search for an entry called “wpstaff.php”.

After the backup has been restored, you need to immediately update your plugins to avoid another attack.

Once more, check for the user and the harmful files.

MANAGED HOSTING SUPPORT

In case you are using a managed host like any of those mentioned above, then you need to contact their support to discuss their security measures and if they provide malware cleaning.

Hosts like WPEngine and WPX Hosting offer this free of charge in all their packages.

CLEANUP SERVICE

Most “done for you” malware removal service providers have already made reports on the latest Elementor Pro issue.

The following are some of these sites; however, you should your own research since I haven’t yet tested them personally and am also not affiliated:

– site a
– site b

REBUILD

While it might feel like a drastic measure if you were already considering rebuilding your site regardless, then now might be the ideal time to rebuild from scratch.

This way, you will be guaranteed that you do not have any harmful files operating in the foreground.

You need to ensure that you use a different install or hosting account.

AVOIDING AN ATTACK

Not knowing beforehand which plugins have vulnerabilities might make it hard to prevent a hack.

Here are some fundamental tips for avoiding future hacks:

– Go for a managed WordPress host as these hosts often provide malware scanning along with removal, and toughen their WP installations by default. They stop the execution of PHP files in uploads folders

– Update Plugins, Themes, and WordPress Core

– Makes use of a security plugin. For basic protection, enable Firewall and WordPress hardening. Perfect solutions include Sucuri, WordFence Premium, and WebARX.

– You can also check WPVuLnBD or Run WPScan to identify at-risk plugins and themes that you might be using.

In case your WordPress site was hacked, tell us in the comments, how you were able to tackle the problem.

Google Rating

5.0

Raleigh SEO Company

Tommy Kurtenbach

18:07 20 Nov 18

Very clear and direct on what they can and can't do. They don't control Google, but they sure understand how the search engine works and were able to get us to #1 in under 6 months. We're now getting over 800 visitors to our website a month and covnerting about 35% of those into new customers. We're now workign with them to do a website redesign to convert more of our Ralegih and Durham website visitors into paying customers.

Lauren G. Morton

12:17 09 Feb 18

We partnered up with the Raleigh SEO Company back in 2015 and have been happily with them ever since. The founder of the company is a search marketing veteran from Silicon Valley that has been optimizing websites since 1998. He was a part of the original web guild that established online marketing as an industry. If you get the chance to speak with him, you’ll enjoy how crystal clear he makes everything and how he doesn’t believe in selling. Instead, he focuses on providing his expert analysis on what will work best and then letting his clients decide which direction they want to proceed. He operates very much like a legal expert does. Looking forward to a great 2018 with them.

Thelma Flores

16:25 03 Feb 18

We got tired of paying our last digital marketing agency $1000 a month for content that, as they put it, was supposed to bring in new clients in droves, but never did. So we decided to up our game and go with the number 1 ranking seo company in the area and that has been the best decision we’ve made in a long time. These guys truly are the attorney SEO experts. Highly recommend.

James Noble

14:38 02 Jan 18

Good results so far. We’ve only been working with them for 4 months now, and know it can take up to a year to see significant results, but it is impressive to see how much they’ve been able to get us on the 1st page of Google for in this short period of time. I don’t really understand how all this works, but I can say it does works. Not sure how it is with other digital marketing agencies, but these guys deliver.

Alisia Eiler

15:59 30 Dec 17

We started working with the Raleigh SEO Company back in June and have been very happy with the results so far. They’ve more than doubled the website traffic we receive every month and looking at the number of new cases we’ve received so far from their online marketing work, we’re getting just over a 10X ROI. We especially liked that they do not take on more than one client per city per niche, so we know they’ll never do the same for one of our competitors. If you’re looking for an attorney SEO expert, I highly recommend Brendan and his team.

Artie Unknow

10:25 20 Nov 18

I just wanted to personally thank the Raleigh SEO Company team for all you have done for us and our business. Your website and online presence recommendations really helped us with the sites we were trying to rank locally. They’re moving up the top 10 results as we speak and I have no doubt they’ll continue at the current break-neck speed. I really can’t say enough about how much you have helped us, all I can say is thank you very much.

Kacy Kruppenbacher

17:03 20 Nov 18

We saw a 212% lift in our website traffic after Brendan and his team started working on our website. And most importantly, the traffic was of much higher quality than we had been receiving in the past as it was laser focused from the higher-value keywords we’ve wanted to rank for for the last several years. Exceptionally talented SEO company with a friendly staff that always made us feel at ease. Highly recommend them.

Emma Natalie

17:42 31 Mar 19

I happened upon the Raleigh SEO Company when I was doing a search for Durham SEO. I was glad to see they had an office up here in Durham, NC so that I could meet with them in person. I got to meet with the owner, Brendan Monahan, who showed me exactly what was wrong with my website and enabled it to syndicate my blog posts to my Google My Business listing, my Facebook account, my Twitter account, my LinkedIn Business account and a bunch of other social media properties. A true time saver. Really appreciate all the hard work they put in to help my business do better. Good group of guys.

Ella Morissette

16:08 02 Apr 19

Brendan Monahan is who we turn too when we need an eCommerce site generating revenue fast. On our most recent eCommerce SEO project, he was able to get the site ranking #1 for 3 different national keywords that resulted in a 235% increase in website traffic. He also understands exactly how to structure product and category landing pages, which enabled us to increase our conversion rate from 1.4% to 3.5%. All told, the site is now producing an extra $1.2M in new revenue. Really appreciate all the hard work and looking forward to our next project together.

Travis Mcdonald

02:52 12 Dec 19

Outstanding eCommerce SEO so far from the Raleigh SEO Company. We've been with them for just under a year now and am blown away by the amount of revenue our online store now makes. We had another SEO company working on our site before but the results were lack luster. These guys know exactly what they're doing and what it takes to increase revenue. Keep up the good work!

Gil Andrade

01:41 19 Dec 19

I was referred to Brendan by a friend of mine in BNI who is currently working with him and getting good results for his business in Durham. I was most interested in what eCommerce SEO services his firm could offer and was pleasantly surprised to hear how he and his team have been working with eCommerce clients since 1998. I decided to give them a go and have been more than happy with the results so far. Just looking at the results of the last couple of months, our online revenue is up over 245% resulting in $493,718 in new revenue! Great eCommerce SEO service for the price IMHO.

Lynn Beasley

10:13 08 Dec 20

Excellent team to work with. I wasn’t sure what keywords were the best to pursue and they did all the research for me, showing me how I could get in front of an extra 1,000+ customers a month. The price was reasonable and the ROI has been outstanding. Took us four months to get on the 1st page of Google and that’s where we’ve stayed ever since. Highly recommend them.

Janet Hall

10:09 15 Oct 20

Our last agency took our website hostage and refused to give us access to it. So we reached out to Brendan and his team of website designers were able to recreate our old site and get us back online within a week! He was able to save us $22,000, which is what the last agency wanted to complete our 2 year contract with them. We’re now putting that money into SEO and seeing good results. Already on page 1 in less than a month. Great bunch of guys.

William Brown

13:46 22 Aug 20

As a bankruptcy attorney, I thought my practice would be thriving in these trying times, but alas we weren’t seeing one iota of increased customer calls. We figured out that we just weren’t ranking online and without that visibility we were never going to grow. Brendan and his team of SEO gurus fixed that for us and we now have 10 new leads coming in a day! Highly recommend these guys for getting a business to the top of Google. They truly are the pros.

Triangle Radiant Barrier

12:28 21 Aug 20

Brendan has done an amazing job creating our website and dramatically improving our search engine rankings. Over the first four months of service, our website traffic increased 93%. In the same time frame, ranking for one of our focus search terms improved from 56th to 5th. I very much appreciate his efforts, abilities, and professionalism and look forward to continue our services with him. Highly recommended.

Georgia King

11:06 25 Aug 20

Due to the whole COVID fiasco we needed to find a way to keep our doors open, so we reached out to the SEO experts to find out what they could do to help. They showed us how we could increase our online sales by targeting specific keywords and that’s exactly what they did. We now rank #3 on Google and have more leads coming in for our roofing business than we ever thought possible.

Thomas Voris

14:55 08 Apr 21

I run a landscape design company and saw that the Raleigh SEO Company had got a competitor of mine to #1 on Google in a local city. I reached out to see if they would drop my competitor and take me on as their client for more money and was shocked to hear them say NO. They actually said NO! I even offered them $1000 more a month than my competitor was paying and they still said no. They told me it was a conflict of interest and that's not how they roll. I was impressed with their honesty and integrity so I asked if they could rank me for a different city that my competitor wasn't ranking in and they agreed. We've been working together for 4 months now and my site is sitting in the #1 position now. Very happy with the results and very impressed with their level of integrity.

Carmen Arnold

13:23 17 Aug 21

These guys are the real deal! I spent over $22,000 with my last SEO agency and gave up on them after they couldn't even get me on Page 1. The Raleigh SEO Company swooped in and not only got me on the 1st page, but all the way to #1! Well worth the investment. Now I get to tell everyone I'm the #1 Ranking Attorney in my area. Awesome marketing approach that closes clients day and night. Thanks for all the amazing work guys!

Admin Crown Raleigh

15:21 03 Jun 21

I reached out to Raleigh SEO regarding marketing needs for my local small business. They were very professional and informed us that in our particular case SEO services was not what we needed to accomplish our goals. They were nice enough to advise us anyway and direct us in the right direction which shows that they are the kind of company that you want to do business with.

See All Reviews