The recent Timthumb.php vulnerability has left scores of unsuspecting bloggers hacked. It’s the perfect combination of not so easy to fix for the technically disinclined, and easy to find and exploit for the malicious – resulting in a disastrous number of compromised sites.
Thankfully the Timthumb Vulnerability Scanner plugin will do the job of checking your theme for out of date Timthumb code and give you the option to upgrade it!
As some of you will already be aware, the popular image resize script TimThumb.php (used/included in many WordPress themes), was identified as having a security hole.
This left sites using the script vulnerable to attack and code injection. Even themes containing the script that are not active on a WordPress installation can cause issues. So it’s important to secure your active theme and DELETE any themes not in use.
There are many articles now available regarding the issue and how to address it, so here are some, should you require further information:
It’s important to check your theme/s, update the TimThumb.php script if it’s in use on your theme and implement some of the suggested security measures to secure your site in the future.
If you need further advice or help, please submit a Support Ticket.
Well, what can we say? It’s all here with a great plugin to boot!
‘I started writing my beginner’s guide to WordPress SEO a while back, and have since done a load of posts on the subject, an article in the Search Marketing Standard, newsletters, and presentations. It’s time to let all the info of all these different articles fall into one big piece: the final guide to WordPress SEO.’ – Joost de Valk
This post is going to be a constantly updated feature, focusing on keeping WordPress installs as secure as possible.
WordPress is a third party application and is constantly being updated to improve and patch security issues. It’s important to keep your install of WordPress and all Plugins up to date.
Above all, make sure you take a regular backup, especially when you’re about to install new plugins or make changes to your core site files. As much as you try to keep the bad guys out by implementing some (or all) of these tips, having a regular backup of your site files and database provides peace of mind.
- Admin User – Always create a new user with admin privileges and delete the default ‘admin’ user. The admin username will be a key target for hackers.
- Keep WordPress up to date! – Always keep WordPress up to date to the latest version. This is easy with the automatic update feature from within the WordPress admin area. No excuses!
- Use SSL in the admin area – This means encryption of all data during admin sessions in WordPress. This involves adding a small piece of code to your wp-config.php file and having a dedicated SSL certificate.
- AntiVirus Plugin – AntiVirus for WordPress is a smart and effective solution to protect your blog against exploits and spam injections. http://wordpress.org/extend/plugins/antivirus/
- Ultimate Security Checker Plugin – Helps you identify security problems with your WordPress installation. It scans your blog and gives a security grade based on passed tests. http://wordpress.org/extend/plugins/ultimate-security-checker/
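As an added example (not part of the original post), here is the kind of wp-config.php addition the SSL tip refers to; it assumes a working SSL certificate is already installed for the site, and the X-Forwarded-Proto handling is only needed when the site sits behind a proxy or load balancer that terminates SSL.

```php
<?php
// Added example (not from the original post): wp-config.php lines that force
// encrypted admin sessions. Assumes a valid SSL certificate is already
// installed and HTTPS already works for the site in a browser.

// If a proxy or load balancer terminates SSL in front of the web server,
// WordPress may see the request as plain HTTP and loop on redirects. Trust
// the X-Forwarded-Proto header only when the proxy is the sole route in.
if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] )
     && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' ) {
    $_SERVER['HTTPS'] = 'on';
}

// Force the login page and the whole admin area over HTTPS, so the login
// credentials and admin session cookie are never sent in the clear.
define( 'FORCE_SSL_ADMIN', true );

// Keep these lines above the "That's all, stop editing!" comment so they
// take effect before WordPress finishes loading.
```

After saving, log out and confirm that /wp-login.php and /wp-admin/ redirect to https:// before relying on it.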
We’ve been running our FREE WordPress book offer for a while now with great success. Order any WordPress hosting package, pay for it annually and we’ll send you the fantastic ‘Smashing WordPress – Beyond the Blog’.
However, we’ve decided to go one (or two!) better. Not only do you get a FREE WordPress book, you get a choice from three of the current best selling books available.
Now, with the choice of ‘WordPress for Dummies’, ‘Smashing WordPress – Beyond the Blog’ or ‘Wicked WordPress Themes’, there is a book for every level of WordPress user and three great reasons to start a new site.
Order yours today
As many of you will have noticed from the indication at the top of your WordPress admin panel, version 3.1 is available. As always, we’re excited about this new release and can’t wait to use the new features.
With the 3.1 release, WordPress is more of a CMS than ever before. The only limit to what you can build is your imagination.
View the official press release here: http://wordpress.org/news/2011/02/threeone/
Learn how to update from your dashboard here: http://codex.wordpress.org/Dashboard_Updates_SubPanel
Please ALWAYS BACKUP before carrying out any upgrade or major change to your site.
As always, if you would like us to carry out the upgrade (£40+VAT), you can order via a support ticket.