In our webinar, we talked with Elementor add-on developers about best practices for secure add-on development, covering the following topics:
- Common WordPress vulnerabilities; what they are and how we deal with them at Elementor
Among others, we noted Cross-Site Scripting (XSS), where your website runs scripts that it is not meant to run. This can occur when, for example, unsanitized code is injected into your website. This vulnerability can lead to granting access to browser cookies, privilege escalation and even JS-based attacks. Our experts spelled out some XSS prevention rules for you to adopt so that this does not happen to your Elementor add-on.
Other vulnerabilities we discussed were Cross-Site Request Forgery (CSRF), file upload vulnerabilities, and unauthorized user creation (get_option( 'users_can_register' )). Watch the full webinar to learn how you can avoid these situations.
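To make the XSS and CSRF points above concrete, here is an added example (not code from the webinar or from Elementor) of an add-on AJAX handler, first in a vulnerable form and then hardened. The `myaddon_*` names are hypothetical, and the code assumes it is loaded by WordPress as part of a plugin.

```php
<?php
// Added example: hypothetical add-on code ("myaddon_*" names are made up).
// Assumes it is loaded by WordPress as part of a plugin.

// BEFORE (vulnerable, deliberately left unhooked): no nonce, no capability
// check, raw request data stored and echoed back.
function myaddon_save_label_unsafe() {
	update_option( 'myaddon_label', $_POST['label'] ); // stored XSS source
	echo '<p>Saved: ' . $_POST['label'] . '</p>';      // reflected XSS sink
	wp_die();
}

// AFTER (hardened). The form must send wp_create_nonce( 'myaddon_save_label' )
// in a "nonce" field. Only the logged-in hook is registered (no wp_ajax_nopriv_).
function myaddon_save_label() {
	// CSRF: stop the request unless it carries a valid nonce for this action.
	check_ajax_referer( 'myaddon_save_label', 'nonce' );

	// Authorization: a valid nonce is not a permission check.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}

	// Input: unslash, then reduce to plain text before storing.
	$label = isset( $_POST['label'] )
		? sanitize_text_field( wp_unslash( $_POST['label'] ) )
		: '';
	update_option( 'myaddon_label', $label );

	wp_send_json_success( array( 'label' => $label ) );
}
add_action( 'wp_ajax_myaddon_save_label', 'myaddon_save_label' );

// Output: escape at render time, using the function that matches the context.
function myaddon_render_label() {
	$label = get_option( 'myaddon_label', '' );
	return sprintf(
		'<p class="myaddon-label" title="%s">%s</p>',
		esc_attr( $label ), // HTML attribute context
		esc_html( $label )  // HTML text context
	);
}
add_shortcode( 'myaddon_label', 'myaddon_render_label' );
```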
- The measures Elementor in-house professionals take in order to avoid security pitfalls
Security is a daily routine at Elementor, and we shared how we practice security when writing our own code. We mentioned that we integrate automatic checking and linting into our Integrated Development Environments (IDEs) and that we rely heavily on continuous integration, using GitHub Actions in Elementor. We recommend you use similar practices with your own product. Yes, you’ll need to invest some time in the setup, but it’s a one-time task and worth the effort.
Our expert developers noted that we constantly run PHP Code Sniffer, which you too can use on your entire code base before you release a new version.