Elegant Themes Blog

Divi Undergoes Intensive Security Audit By Sucuri and Passes With Flying Colors

Posted on February 21 by in General News | 41 comments

When developing our themes, we take security very seriously. Even though we have complete confidence in our team to produce rock-solid themes, we often have our products audited by third-party security professionals to ensure that nothing slips through the cracks. Recently, we hired Sucuri to do a full code audit and vulnerability assessment of our flagship theme, Divi. Over the past two weeks, Sucuri has been studying and scrutinizing every single line of code in the theme. In the end, not a single significant problem was found.

The code audit found 0 issues. Because of the rarity of an event like this, the review was performed multiple times, each time with the same results. Exceptional job by the Elegant Theme development team.

This comes as no surprise to us, but we are still excited to have the hard work of our team validated. It’s always great to collaborate with the Sucuri team, and we look forward to continually working together to provide the most solid, secure and dependable themes around.

It is the opinion of the review team that this theme was developed extremely well and as such, the Divi Theme is deserving of the Safe Theme seal. No significant issues were identified during the vulnerability assessment. No issues were identified in the code audit.

Ensuring that the themes you use are secure is extremely important. Using a theme with the Sucuri Safe Seal means that you can relax in the confidence of knowing that your theme has been tested and is trusted by industry leaders in the field of WordPress security. In other words, we got your back :)

41 Comments

  1. That’s great news. Made me more confident in using Divi for my projects.

  2. Great work then! Keep the good effort!

  3. This is great to know. I’m glad ET takes security so seriously. Gives me confidence in using Divi and other ET themes.

  4. Congratulations to all the team.

    Needless to say that I’m loving the theme and am really looking forward to version 2.

  5. Great news! I’m using the Divi in two projects already and my job is just so easy now.

    Keep the excellent work ET Team!

  6. Congratulations Nick and the Elegant Themes team! Keep up the good work, I’m planning to make a switch back to Elegant Themes theme (with Divi) this year =D

    I just need to create some short video content to make the website as awesome as the theme itself!

  7. That is great news and fits to the quality of your themes anyway.

    You still recommend a firewall like wordfence?

      • Can we use that “Sucuri Seal” on our sites if we are using Divi?
        If we can, where do we find it?

        • I’m not sure if that would be appropriate or not. I would email sucuri.net and see what they say, just to make sure.

          • Please update us on this via your comment or blog post or anything. Thanks for this wonderful themes by the way.

        • That seal is a Member item they provide when you hire Sucuri for Server Side and Website Monitoring. They also have a member plugin, different from the free WP plugin. Well worth the money if you have a shared hosting situation with multiple sites especially. I had client sites on a server with DIVI, (their hosting account) and they had malware on other sites I didn’t get near, still made it over to all the sites on the server. Sucuri is who I had handle it, and they were fast and did a great job of weeding out the backdoors. By the time the hosting company caught the Malware and wanted to suspend the account, we were already about done with the cleanup. Highly recommend both Elegant Themes and Sucuri for WordPress Developers and Designers.

  8. Awesome! I will use this as a sales argument for my websites. I’ve got one question: what type of issues could have been encountered by the theme that Siri helps prevent? (to understand fully the extent of this)

  9. Fabulous news Nick.
    I use Sucuri on all my sites and they are the guys who should know.

  10. Congratulations, it’s well deserved! It’s my favorite theme to work with by far. I love the clean look and the easy interface, but the layouts are truly revolutionizing my workflow and saving me lots of time.

  11. Great news Nick and well done to the ET team.

    I’ve used Divi on a couple of sites now and the more I use it the better and better it seems to get, the tiny amount of work I’ve had to do to tweak the responsive views on the current site was a huge testament to just how good and flexible Divi really is!

  12. Congratulations to the ET team ! Proud to use Divi. This gal is sleek =)

  13. Congratulations to Nick and the whole ET-Team! :-)

  14. Congrats guys for this job on a WordPress theme. Continue like this.

  15. Could someone go the next step and tell us what this actually means?
    Secure from what and the practical ramifications. As it stands it just sounds like promotional guff.

    • The audit is far from a promotion guff, in fact we spend a lot of time and money on professional security reviews for our themes. Sucuri breaks their review into two categories – a line-by-line Code Audit, and a Vulnerability Assessment.

      The Vulnerability Assessment is a human driven inspection of the technology guided by Sucuri’s vast experience with WordPress-related security flaws. The process includes testing for vulnerabilities at various access levels, including:

      • Basic Remote Testing: This is where users with no log in access attempt to exploit the theme.
      • Low Privileged Remote Testing: This is where users assigned low roles have the ability to increase their access.
      • Local Attacks: Users with low access to the server are able to use the theme to increase administrative access to the server.
      • Admin Attacks: Focus is on identifying potential Cross Site Request Forgery (XSRF) and Cross-Site Scripting (XSS) potentials while using the administrator role


      For each of the core areas described above Sucuri focuses on some of the most prevalent security flaws, such as:

      • Remote or local file includes vulnerabilities
      • Cross-Site Scripting (XSS)
      • SQL Injections

      The next phase, the Code Audit, consists of a thorough line-by-line review of the theme. This phase focuses on problems such as:

      • Concurrency problems
      • Flawed business logic
      • Access control problems
      • Cryptographic weaknesses
      • Backdoors, Trojans
      • Time Bombs
      • Logic Bombs
      • Input validation issues
      • Check Error Handling
      • Cross-Site Scripting
      • SQL Injection
      • Cross Site Request Forgery

      Their auditing procedure is developed based on OWASP guidelines and is tailored to WordPress specifically.

      • It’s crystal clear now and I’m amazed that Divi could pass all that looking at all the codes doing magic under the hood to create beautiful, swift and secure websites. Well done NICK for taking security seriously even when we didn’t choose it as one of our no 1 point agenda during the survey.

      • Well, you came up with another blog post here Nick. :P You better paste this as another blog post and make those never-pleased people understand how much you put efforts in making those themes work. Been your customer for close to two years and I have found rock solid themes all the time… Keep up the good work.. Thanks

  16. Congrats

  17. That’s great news! Good job ET developers!

  18. It means that sucuri security and shit are the same things…

    DIVI clearly have a lot of issues with Mod_Security…

    AND if u guys exclude this comment, you all exclude also a LOT of clients.

  19. any tentative date for the next Divi release?

  20. Recently I started to move almost all our new and some old projects on Divi, which is stunning in every aspect for creating any kind of project, also is very flexible, I guess in future would be no need for other theme, just custom layouts, and now with security review from Sucuri became a choice over any other theme or solution. Great job with Divi… did I mention that seems to load quicker than other themes?!
    Many thanks for the work of ET Team!

  21. Congrats, i am your fan, thousand thanks for share your excellent work

  22. Divi is no longer just a theme. It has become a framework of sorts. Great job ET :)

  23. Excellent News! Congratulation! Elegant Themes Forever!

  24. Thanks for caring your existing customers. Very rare theme house do such audits.

  25. Great Work Guys!!!

  26. Are there any woo commerce shops that have switched to Divi? I am contemplating switching my store to Divi, but it will be a long process – hahaha. So, I wanted to see other examples first.

    THANK YOU!!!

    Kathy

  27. Good job Elegant Themes, I use Divi in my latest project
