Important Update Info

Last Update: March 29, 2024

With each new Avada update comes incredible new features, new options, code improvements and fixes. Our team takes the utmost care in creating updates and ensuring everything is fully tested, both by our team as well as a large group of beta customers. It is important that we communicate to our customers any important items that need to be taken into consideration when updating. This post is dedicated to relaying that information to you any time a new major version of Avada is released.

Avada 7.11.7 Important Update Information

1. Security Fixes

Avada 7.11.7, fixes a few minor security issues that can only be exploited by authenticated Contributor+ level users. This is disclosed in our Changelog and we have released a blog post covering some more details: https://avada.com/blog/version-7-11-7-security-update/. Below you can find the items from our Changelog:

  • SECURITY: Fixed Contributor+-level-only XSS vulnerability, allowing site Contributors to add custom script code certain element link options
  • SECURITY: Fixed Contributor+-level-only SSRF vulnerability, allowing Contributors to set Avada Form submission type to unsafe web requests
  • SECURITY: Fixed Admin+-level-only SQL injection vulnerability, where SQL code could be injected into an Avada Forms submissions entry removal request
  • SECURITY: Fixed possibility of Avada Forms upload folder being directly accessible

General Update Information

1. Always Backup Your Current Setup

We strongly recommend that you have a current backup of your website, including your WordPress database, wp-content folder, your wp-config.php file, and, if applicable, your .htaccess file in your WordPress installation folder. You can use these to revert back to your original site if something unforeseen happens during the update process.

If you are not familiar with how to do this yourself, there are several plugins available that completely automate that process for you, such as:

2. Update Avada Theme Files First

When an update becomes available, the theme files will be the first part that should be updated. You should see that an update is available in your WP Dashboard. You can follow the update prompt there and the latest version of Avada will automatically get installed.

2.1 Child Theme Users

If you are using a child theme, please switch to the parent theme before the update, to avoid any errors during the update. Please see Update The Child Theme below.

2.2 Manual Update

If you update the files manually, e.g. through FTP, please make sure to completely remove the previous Avada folder before adding the new updated folder, or you could end up with WP path issues, etc.

Also, do not rename the theme folder, as that will change the path name. WordPress stores menus,  widgets, and some other settings by folder path. If you are already facing this issue, rename your theme folder back to what it was before, and your settings, menus, widgets will be restored.

3. Required Plugins Must Be Updated

When you update Avada, you will see a notification message in your dashboard telling you the required plugins need to be updated. Follow the onscreen prompts to install the plugin updates. First update Avada Core plugin, and then Avada Builder plugin.

If you dismiss the prompt or do not see it, then you can go to Avada > Maintenance > Plugins & Add-Ons page and install the plugins from there.

In general, always make sure you are always using the most recent versions of the Avada Core and Avada Builder plugins.

4. Update The Child Theme

This applies, if you are using the child theme and have copied template files from parent theme to child theme, or added your own custom code. Old and outdated code in the child theme can lead to display issues or even fatal errors.

Thus, it is recommended that you switch to parent theme before the update. Once the update is done, you can switch back to your child theme and confirm it runs without issues.  If it doesn’t, please update your child theme templates and make sure your custom code is compatible with the latest version of Avada.

5. Clear And Rebuilt Critical CSS

If you are using Avada’s critical CSS feature, it is best practice to clear and rebuilt the critical CSS after every major update. On big updates, Avada will auto-clear it and prompt you to rebuild it.

6. Reset Avada Cache, Browser Cache, Server Cache And Plugin Cache

It is always recommended to reset all caching systems after an update, including Avada cache, your browser, plugin (e.g. W3 Total Cache), and server cache. Visual issues may happen and more often than not, its caused by caches, and they need to be emptied. Each browser allows you to remove cookies, history and other data.

Some hosting providers have server-side cache systems installed to optimize the speed of content delivery, please clear any server-side cache or ask your host to do it. This is also true for setups using CloudFalre or similar services. View our general cache information that describes the various forms of cache and how to clear them.

To reset all Avada caches, click the Reset Avada Caches button that you can find  by going to Avada > Options > Performance > Dynamic CSS & JS.