Divi Undergoes Intensive Security Audit By Sucuri and Passes With Flying Colors

Last Updated on September 15, 2022 by 42 Comments

Divi Undergoes Intensive Security Audit By Sucuri and Passes With Flying Colors
Blog / General News / Divi Undergoes Intensive Security Audit By Sucuri and Passes With Flying Colors

When developing our themes, we take Security very seriously. Even though we have complete confidence in our team to produce rock-solid themes, we often have our products audited by third party security professional to ensure that nothing slips through the cracks. Recently, we hired Sucuri to do a full code audit and vulnerability assessment of our flagship theme, Divi. Over the past two weeks, Sucuri has been studying and scrutinizing every single line of code in the theme. In the end, not a single significant problem was found.

The code audit found 0 issues. Because of the rarity of an event like this, the review was performed multiple times, each time with the same results. Exceptional job by the Elegant Theme development team.

divi-sucuri-seal

This comes as no surprise to us, but we are still excited to have the hard work of our team validated. It’s always great to collaborate with the Sucuri team, and we look forward to continually working together to provide the most solid, secure and dependable themes around.

It is the opinion of the review team that this theme was developed extremely well and as such, the Divi Theme is deserving of the Safe Theme seal. No significant issues were identified during the vulnerability assessment. No issues were identified in the code audit.

Ensuring that the themes you use are secure is extremely important. Using a theme with the Sucuri Safe Seal means that you can relax in the confidence of knowing that your theme has been tested and is trusted by industry-leaders in the field of WordPress security. In other words, we got your back 🙂

Divi

Want To Build Better WordPress Websites? Start Here! 👇

Take the first step towards a better website.

Get Started
Divi
Premade Layouts

Check Out These Related Posts

Divi 5 Public Alpha Progress Update (200+ Changes)

Divi 5 Public Alpha Progress Update (200+ Changes)

Updated on November 5, 2024 in General News

Last month, we released the Divi 5 Public Alpha, and we’ve been 100% focused on fixing the bugs you’ve been reporting. We released two new versions (Public Alpha Version 1 and Public Alpha Version Two), including over 200 bug fixes and improvements. Download The Divi 5 Alpha Next Stop,...

View Full Post

42 Comments

  1. Hi , so if I am using the gleam theme am I not protected? Only the Divi theme is?

  2. Good Job Ellegant Themes, i use Divi in my latest project

  3. Congratulations, I could’t use a insecure theme at all.

  4. Are there any woo commerce shops that have switched to Divi? I am contemplating switching my store to Divi, but it will be a long process – hahaha. So, I wanted to see other examples first.

    THANK YOU!!!

    Kathy

  5. Great Work Guys!!!

  6. Great work guys!!!

  7. Thanks for caring your existing customers. Very rare theme house do such audits.

  8. Congratulations!

  9. Excellent News! Congratulation! Elegant Themes Forever!

  10. Divi is not longer just a theme. It has become a framework of sorts. Great job ET 🙂

  11. Its Divi for life!

    We love you ET!

    Team VizTV

  12. good to know that keep it up

  13. Congrats, i am your fan, thousand thanks for share your excellent work

  14. Recently I started to move almost all our new and some old projects on Divi, which is stunning in every aspect for creating any kind of project, also is very flexible, I guess in future would be no need for other theme, just custom layouts, and now with security review from Sucuri became a choice over any other theme or solution. Great job with Divi… did I mention that seems to load quicker than other themes?!
    Many thanks for the work of ET Team!

  15. Well that’s good to know 🙂 Congrats!

  16. any tentative date for the next Divi release?

  17. It means that sucuri security and shit are the same things…

    DIVI clearly have a lot of issues with Mod_Security…

    AND if u guys exclude this comment, you all exclude also a LOT of clients.

  18. That’s great news! Good job ET developers!

  19. Congrats

  20. Could someone go the next step and tell us what this actually means?
    Secure from what and the practical ramifications. As it stands it just sounds like promotional guff.

    • The audit is far from a promotion guff, in fact we spend a lot of time and money on professional security reviews for our themes. Sucuri breaks their review into two categories – a line-by-line Code Audit, and a Vulnerability Assessment.

      The Vulnerability Assessment is a human driven inspection of the technology guided by Sucuri’s vast experience with WordPress-related security flaws. The process includes testing for vulnerabilities at various access levels, including:

      • Basic Remote Testing: This is where users with no log in access attempts to exploit the theme.
      • Low Privileged Remote Testing: This is where users assigned low roles have the ability to 
increase their access.
      • Local Attacks: Users with low access to the server are able to use the theme to increase 
administrative access to the server.
      • Admin Attacks: Focus is on identifying potential Cross Site Request Forgery (XSRF) and Cross-Site 
Scripting (XSS) potentials while using the administrator role


      For each of the core areas described above Sucuri focuses on some of the most prevalent security flaws, such as:

      • Remote or local file includes vulnerabilities
      • Cross-Site Scripting (XSS)
      • SQL Injections

      The next phase, the Code Audit, consists of a thorough line-by-line review of the theme. This phase focuses on problems such as:

      • Concurrency problems
      • Flawed business logic
      • Access control problems
      • Cryptographic weaknesses
      • Backdoors, Trojans
      • Time Bombs
      • Logic Bombs
      • Input validation issues
      • Check Error Handling
      • Cross-Site Scripting
      • SQL Injection
      • Cross Site Request Forgery

      Their auditing procedure is developed based on OWASP guidelines and is tailored to WordPress specifically.

      • Well, you came up with another blog post here Nick. 😛 You better paste this as another blog post and make those never-pleased people understand how much you put efforts in making those themes work. Been your customer for close to two years and I have found rock solid themes all the time… Keep up the good work.. Thanks

      • It crystal clear now and I’m amazed that Divi could pass all that looking at all the codes doing magic under the hood to creating beautiful, swift and secure website. Well done NICK for taken security seriously even when we didn’t choose it as one of our no 1 point agenda during the survey.

  21. Congrats guys for this job on a WordPress theme. Continue like this.

  22. Congratulations to Nick and the whole ET-Team! 🙂

  23. Congratulations to the ET team ! Proud to use Divi. This gal is sleek =)

  24. Great new Nick and well done to the ET team.

    I’ve used Divi on a couple of sites now and the more I use it the better and better it seems to get, the tiny amount of work I’ve had do to tweak the responsive views on the current site was a huge testament to just how good and flexible Divi really is!

  25. Congratulations, it’s well deserved! It’s my favorite theme to work with by far. I love the clean look and the easy interface, but the layouts are truly revolutionizing my workflow and saving me lots of time.

  26. Fabulous news Nick.
    I use Sucuri on all my sites and they are the guys who should know.

  27. Awesome! I will use this as a sales argument for my websites. I’ve got one question: what type of issues could have been encountered by the theme that Siri helps prevent? (to understand fully the extent of this)

  28. That is great news and fits to the quality of your themes anyway.

    You still recommend a firewall like wordfence?

      • Can we use that “Sucuri Seal” on our sites if we are using Divi?
        If we can, where do we find it?

        • That seal is a Member item they provide when you hire Securi for Server Side and Website Monitoring. They also have a member plugin, different from the free WP plugin. Well worth the money in you have a shared hosting situation with multiple sites especially. I had client sites on a server with DIVI, (their hosting account) and they had malware on other sites I didn’t get near, still made it over to all the sites on the server. Securi is who I had handle it, and they were fast and did a great job of weeding out the backdoors. By the time the hosting company caught the Malware and wanted to suspend the account, we were already about done with the cleanup. Highly recommend both Elegant Themes and Securi for WordPress Developers and Designers.

        • I’m not sure if that would be appropriate or not. I would email sucuri.net and see what they say, just to make sure.

          • Please update us on this via your comment or blog post or anything. Thanks for this wonderful themes by the way.

  29. Congratulations Nick and the Elegant Themes team! Keep up the good work, I’m planning to make a switch back to Elegant Themes theme (with Divi) this year =D

    I just need to create some short video content to make the website as awesome as the theme itself!

  30. Great news! I’m using the Divi in two projects already and my job is just so easy now.

    Keep the excelent work ET Team!

  31. Congratulations to all the team.

    Needless to say that I’m loving the theme and am really looking forward to version 2.

  32. This is great to know. I’m glad ET takes security so seriously. Give me confidence in using Divi and other ET themes.

  33. Great work then! keep the good effort!

  34. That’s great news. Made me more confident in using Divi for my projects.

Leave A Reply

Comments are reviewed and must adhere to our comments policy.

Get Started With Divi