The recent Timthumb.php vulnerability has left scores of unsuspecting bloggers hacked. It’s the perfect combination of not so easy to fix for the technically disinclined, and easy to find and exploit for the malicious – resulting in a disastrous number of compromised sites.
Thankfully the Timthumb Vulnerability Scanner plugin will do the job of checking your theme for out-of-date Timthumb code and give you the option to upgrade it!
As some of you will already be aware, the popular image resize script TimThumb.php (used/included in many WordPress themes) was identified as having a security hole.
This left the sites using the script vulnerable to attack and code injection. Even themes housing the script that are not active on a WordPress installation can cause issues. So it’s important to secure your active theme and DELETE any themes not in use.
There are many articles now available regarding the issue and how to address it, so here are some, should you require further information:
- Technical details and scripts of the WordPress TimThumb.php hack
- The Register
- Timthumb.php Security Vulnerability – Just the Tip of the Iceberg
It’s important to check your theme/s, update the TimThumb.php script if it’s in use on your theme and implement some of the suggested security measures to secure your site in the future.
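One way to run that check by hand, as an added example (not the Timthumb Vulnerability Scanner plugin's code): a Python script that walks a themes directory, active and inactive themes alike, and reports the version of every TimThumb copy it finds. It assumes TimThumb declares its version with `define('VERSION', ...)`; the minimum version is a placeholder argument to replace with the fixed release named in the advisories, and the sample tree is constructed.

```python
import os
import re
import tempfile

# Assumption: TimThumb declares its version as define('VERSION', 'x.y.z').
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([\d.]+)['\"]")

def parse_version(text):
    parts = [int(p) for p in text.split(".") if p]
    return tuple((parts + [0, 0, 0, 0])[:4])  # pad so "2" compares equal to "2.0"

def scan_themes(themes_dir, min_version):
    """Return (theme, relative path, version, outdated) for every TimThumb copy."""
    findings = []
    for root, _dirs, files in os.walk(themes_dir):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(root, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                head = fh.read(65536)
            # Match on content, not file name: a theme may ship the script renamed.
            match = VERSION_RE.search(head)
            if "timthumb" not in head.lower() or not match:
                continue
            rel = os.path.relpath(path, themes_dir)
            outdated = parse_version(match.group(1)) < parse_version(min_version)
            findings.append((rel.split(os.sep)[0], rel, match.group(1), outdated))
    return sorted(findings)

def build_sample_tree():
    """Constructed sample: three themes, two of them carrying a TimThumb copy."""
    base = tempfile.mkdtemp(prefix="themes-")
    samples = {
        "active-theme/timthumb.php": "<?php // TimThumb\ndefine ('VERSION', '9.9.9');\n",
        "unused-theme/scripts/thumb.php": "<?php // TimThumb script\ndefine('VERSION', '0.0.1');\n",
        "plain-theme/functions.php": "<?php // no thumbnail script here\n",
    }
    for rel, body in samples.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return base

if __name__ == "__main__":
    # PLACEHOLDER threshold: replace "1.0.0" with the fixed release from the advisory.
    for theme, rel, version, outdated in scan_themes(build_sample_tree(), "1.0.0"):
        print(f"{'OUTDATED' if outdated else 'ok':8} {theme:14} {rel} (v{version})")
```

On a real site, point `scan_themes` at `wp-content/themes`; any copy reported inside a theme you are not using is a reason to delete that theme.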
If you need further advice or help, please submit a Support Ticket.