Problem
Pushed Elementor 3.27.1 to a client marketing site on Saturday evening. Homepage still rendered fine on the front end, permalinks worked, WP-Admin opened. The moment I clicked "Edit with Elementor" on any page, the editor canvas loaded to a pure white screen. The top bar showed, the left panel showed the widget list for half a second, then everything blanked. No loading spinner, no modal, nothing.
Browser console was loud. Three separate 500 errors on /wp-admin/admin-ajax.php?action=elementor_ajax and one red line from Elementor's bundle:
Uncaught TypeError: Cannot read properties of undefined (reading 'types')
at elementor-editor.min.js:2:419821
Rolled Elementor back to 3.26.4. Editor loaded. Rolled forward. White screen again. If your Elementor editor is frozen on a blank canvas after the 3.27 update and the front end still renders, you are almost certainly hitting the same bug.
Why It Happens
Elementor 3.27 rewrote the widget registration pipeline to lazy-load the widget types map over AJAX instead of hydrating it from the initial page render. On a clean install, that works. On real sites running any of the following combos, it breaks:
- Elementor Pro below 3.27. The Pro plugin ships its own custom widgets that register against the new pipeline. If Core is 3.27 but Pro is still 3.26, the widget manifest AJAX call returns a payload that the newer Core bundle does not know how to deserialize, so the editor throws while reading
typeson a null manifest. - A heartbeat or AJAX nonce rejected by a security plugin. Wordfence, iThemes Security, and Solid Security all added stricter request filtering in their 2026 updates. The
elementor_ajaxendpoint uses a custom nonce (editor_nonce) that these plugins silently block when the referrer path does not match/wp-admin/post.php. The editor sees a 403 and falls back to an empty manifest. - An outdated cached bundle at the CDN. Cloudflare, BunnyCDN, and Kinsta's edge all cache
/wp-content/plugins/elementor/assets/js/editor.min.jsby URL. When Elementor updates, the file path stays the same — only the content hash changes. If you did not purge the plugin asset path on update, editors keep serving the 3.26 JS against the 3.27 PHP backend and the manifest shapes disagree.
Confirming which one hit you is a five-minute job. Open the editor, then the network tab, filter by admin-ajax. If you see a 500 on elementor_ajax, read the response body — the stack trace usually names the Pro widget that failed to register. If you see a 403, it is the security plugin. If the request succeeds but the editor still blanks, purge the CDN and try an incognito window. That will isolate the cache case.
The Fix
Three fixes for the three causes. I needed all three on the client site that triggered this writeup.
1. Pin Elementor and Elementor Pro to the same minor version.
This is the root cause in about 70% of the tickets I see. Log into wp-admin/plugins.php, check the installed version of both. If Core shows 3.27.x and Pro shows 3.26.x, update Pro first. If Pro does not have a 3.27-compatible release yet, roll Core back until it does. Never run them out of sync.
Pin both versions in your deploy pipeline so nobody accidentally auto-updates one without the other:
// wp-content/mu-plugins/elementor-version-lock.php
<?php
add_filter('auto_update_plugin', function ($update, $item) {
$locked = ['elementor/elementor.php', 'elementor-pro/elementor-pro.php'];
if (in_array($item->plugin, $locked, true)) {
return false;
}
return $update;
}, 10, 2);
add_filter('site_transient_update_plugins', function ($transient) {
if (!is_object($transient) || empty($transient->response)) {
return $transient;
}
foreach (['elementor/elementor.php', 'elementor-pro/elementor-pro.php'] as $slug) {
if (isset($transient->response[$slug])) {
unset($transient->response[$slug]);
}
}
return $transient;
});
Drop this in wp-content/mu-plugins/ and WordPress will stop offering either plugin as an available update through the dashboard. You update them manually, together, after testing in staging. That alone would have saved me the Saturday evening.
2. Whitelist the Elementor AJAX endpoint in your security plugin.
For Wordfence, go to All Options → Firewall Options → Whitelisted URLs and add /wp-admin/admin-ajax.php?action=elementor_ajax. For Solid Security, go to Security → Local Brute Force Protection → Whitelist and add the same path.
If you prefer config-as-code, register the bypass in functions.php:
add_filter('wordfence_ls_require_captcha', function ($require, $path) {
if (strpos($path, 'action=elementor_ajax') !== false) {
return false;
}
return $require;
}, 10, 2);
Elementor's own docs cover the nonce flow in the REST API reference, but they do not walk through security plugin conflicts, which is where most real bugs live.
3. Purge the plugin asset path on every Elementor update.
Hook into upgrader_process_complete and call your CDN's purge API the instant either Elementor plugin finishes updating:
add_action('upgrader_process_complete', function ($upgrader, $options) {
if ($options['type'] !== 'plugin' || empty($options['plugins'])) {
return;
}
$elementor = ['elementor/elementor.php', 'elementor-pro/elementor-pro.php'];
$matched = array_intersect($elementor, $options['plugins']);
if (empty($matched)) {
return;
}
$paths = [
home_url('/wp-content/plugins/elementor/assets/*'),
home_url('/wp-content/plugins/elementor-pro/assets/*'),
];
wp_remote_post('https://api.cloudflare.com/client/v4/zones/' . CF_ZONE_ID . '/purge_cache', [
'headers' => [
'Authorization' => 'Bearer ' . CF_API_TOKEN,
'Content-Type' => 'application/json',
],
'body' => wp_json_encode(['files' => $paths]),
]);
}, 10, 2);
Swap the Cloudflare block for your CDN's purge call. This runs once per update, no cron required, and guarantees editors hit fresh JS.
Gotchas
Object cache carrying a stale widget map. If you run Redis or Memcached object cache, flush it after the update. Elementor stores the registered widget list under elementor_widgets_cache, and a stale value will cause the same blank canvas even after everything else is correct.
Browser extension conflicts. Grammarly, LastPass, and ColorZilla all inject into the Elementor iframe and can trip the same types error by mutating widget DOM before Elementor hydrates. Ask the client to retry in incognito before rolling back the plugin.
Stuck on an Elementor site with WooCommerce? Block Checkout and Elementor templates sometimes disagree on which hooks fire first. I cover one version of that in my WooCommerce Checkout Block payment methods fix.
Need the Elementor Editor Back Online Today?
I fix editor crashes, plugin conflicts, and AJAX failures on live WordPress sites without forcing a rollback that loses your client's new content. If your Elementor canvas is frozen and your team can't ship, send me the site URL on my services page and I'll get the editor working before the next working day.