Pronto's Swift Response to a Critical WordPress Plugin Vulnerability

wordpress secure


This case study details how Pronto Marketing efficiently addressed a critical WordPress plugin vulnerability that affected over 11 million websites worldwide, including over 250 managed by Pronto.

Client websites
Complaints or reports of compromised sites
Stability of client websites post-resolution


Pronto Marketing is a leading digital marketing agency specializing in WordPress management, website design, SEO, and PPC management services. 


Unraveling a Massive Threat

The vulnerability was in Elementor Pro versions up to and including 3.11.6. It stemmed from a function that could modify WordPress options in the database using user input. 

The vulnerability opened up the potential for an attacker to create an administrator account, change the email address, redirect all traffic, or create a WooCommerce customer account.

After discovery and reporting on March 18, 2023, Elementor quickly released an updated version, 3.11.7, four days later on March 22, 2023. 

However, the challenge was to quickly and effectively implement this fix across all affected sites managed by Pronto.

“The best defense is a good offense. When the Elementor Pro vulnerability was discovered, we didn't sit back; we took immediate action.”

Adam Selley
Adam Selley
Head of Platform & Support

“Before working with Pronto, we felt like our local lead generation was rather dry. We wanted to step up our online marketing efforts and Pronto’s team obliged with a robust action plan to get it done.”

Justin Kelley
Justin Kelley
Technology Consultant & CEO

Mobilizing Expertise: Pronto's Rapid Solution

Our technical support team had a well-oiled machine in place to handle such situations. They utilized a script maintained by our developers to identify plugin vulnerabilities. 

Once an exploit was found, it was flagged immediately to our testers and engineers.

The remediation process involved creating a site backup and pushing the fix to the affected sites. The team then ran general tests to ensure the fix hadn’t disrupted site functionality. A small team dedicated to upgrading plugins ensured these updates didn’t impact other parts of our support services.

Our internal communication and quick response protocol also played a crucial role. 

The team was notified about the exploit via Slack, which kept everyone informed and aware. Moreover, we maintained an impressive SLA of 24 hours to patch every site with a vulnerability, with trained personnel ready round-the-clock. 

Even in the absence of a developer, a support agent would escalate the issue to their ‘panic room,’ thereby ensuring that a patch was implemented swiftly.

To ensure robust and ongoing security, we deployed a range of active/passive and on-site/server-level measures. 

These included: 

  • Secure WordPress Hosting
  • Unique Login URLs
  • Two-Factor Authentication
  • SSL certificates
  • XML-RPC disabled 
  • HTTP Security Headers 
  • WordPress Security Plugins 
  • Database Security 
  • Secure File and Server Permissions 
  • reCAPTCHA Support 
  • Hardware firewalls 
  • DDoS detection
  • Encrypted SFTP
  • SSH connections

“With Pronto’s GMB management service, we saw a sustained increase in our local lead generation over time. I was impressed with how quickly an impact was felt.”

Justin Kelley
Justin Kelley
Technology Consultant & CEO
The Outcome

Security for All Elementor Website Clients

Our response to this vulnerability has been highly effective, as we have not received any complaints from clients regarding their sites being compromised since the patch was implemented. The stability of our client’s websites post-resolution remained intact.

  • Successfully patched and secured over 250 client websites within 24 hours
  • Zero client complaints or reports of compromised sites post-patch implementation
  • 100% stability of client websites post-resolution

“I've witnessed various threats in my experience. But the Elementor Pro vulnerability was unique, posing a critical risk to millions of websites. I'm proud to say that our team's quick and effective response showcases Pronto Marketing's dedication to our clients' security.”

Adam Selley
Adam Selley
Head of Platform & Support

“We’re now coming up on a year since we signed up with Pronto and the results have been fantastic. With more local leads coming in than ever, we have definitely seen a difference on our bottom line.”

Justin Kelley
Justin Kelley
Technology Consultant & CEO

This case study serves as a real-world demonstration of Pronto Marketing’s expertise and diligence in securing our clients’ online environments.

Our swift and effective response to the Elementor Pro vulnerability epitomizes the essence of our WordPress Maintenance Support service: steadfast security, exceptional uptime, and unrivaled peace of mind.

See our Marketing Services

WordPress Support

Our WordPress experts manage your website's edits and tasks round-the-clock.

Speed Optimization

Our WordPress engineers audit your site and run up to 40 optimizations for your website.

See Other companies we helped

Speed Optimization Case Study

Fidelis, Inc took advantage of Pronto's website optimization service included in their WordPress support plan.

Download PDF

"*" indicates required fields

This field is for validation purposes and should be left unchanged.