Alert : TimThumb.php

The recent Timthumb.php vulnerability has left scores of unsuspecting bloggers hacked. It’s the perfect combination of not so easy to fix for the technically disinclined, and easy to find and exploit for the malicious – resulting in a disastrous number of compromised sites.

Thankfully, the Timthumb Vulnerability Scanner plugin will do the job of checking your theme for out-of-date Timthumb code and give you the option to upgrade it!

As some of you will already be aware, the popular image resize script TimThumb.php (used/included in many WordPress themes), was identified as having a security hole.

This left sites using the script vulnerable to attack and code injection. Even themes that contain the script but are not active on a WordPress installation can cause issues, so it’s important to secure your active theme and DELETE any themes not in use.

There are many articles now available regarding the issue and how to address it, so here are some, should you require further information:

It’s important to check your theme/s, update the TimThumb.php script if it’s in use on your theme and implement some of the suggested security measures to secure your site in the future.
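One way to inventory TimThumb copies in every theme folder, active or not, as the paragraphs above advise. This is an added example, not code from the Timthumb Vulnerability Scanner plugin or from this post; the function names, the `VERSION` line format, the renamed-copy check and the placeholder threshold are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the script declares its version as  define ('VERSION', '1.2.3');
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([0-9.]+)['\"]")

def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    match = VERSION_RE.search(text)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split(".") if part)

def scan_themes(themes_dir, minimum):
    """Return (theme, path, version, status) for each TimThumb copy found."""
    root = Path(themes_dir)
    findings = []
    # Walk every theme folder: inactive themes are still reachable on disk.
    for path in sorted(root.rglob("*.php")):
        text = path.read_text(errors="replace")
        version = parse_version(text)
        named = path.name.lower() == "timthumb.php"
        # Assumption: renamed copies (e.g. thumb.php) still mention the script name.
        renamed = version is not None and "timthumb" in text.lower()
        if not (named or renamed):
            continue
        # 'unknown' means no version line was found, so review the file by hand.
        status = "unknown" if version is None else (
            "outdated" if version < minimum else "ok")
        rel = path.relative_to(root)
        findings.append((rel.parts[0], rel.as_posix(), version, status))
    return findings

def demo():
    """Scan a constructed themes tree (sample files, not real releases)."""
    samples = {
        "active-theme/timthumb.php": "<?php define ('VERSION', '9.9');",
        "unused-theme/lib/thumb.php": "<?php /* TimThumb */ define ('VERSION', '1.0');",
        "unused-theme/functions.php": "<?php // calls timthumb.php?src=",
        "old-theme/timthumb.php": "<?php // version line stripped",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            target = Path(tmp, name)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        # (5, 0) is a placeholder threshold: substitute the current release.
        return scan_themes(tmp, minimum=(5, 0))
```

Point `scan_themes` at your own `wp-content/themes` directory and pass the current TimThumb release as `minimum`; anything reported as `outdated` or `unknown` in a theme you do not use is a candidate for deletion.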

If you need further advice or help, please submit a Support Ticket.

2 Responses to “Alert : TimThumb.php”

  1. Tim thumb fix which is linked to on your site cannot be found anywhere from within wordpress when you search for it on the plugins page.
    Is it real? Or is this a hoax posted on your site?

  2. richard says:

    Hi Robert,
    Thank you for your comment.

    Can you confirm this when you do a search for ‘Timthumb Vulnerability Scanner’, because it does return the plugin when I search for this from our demo site plugins page.
    Thanks for your caution, but any posts on our blog will always include genuine, safe links and no hoax.
