WishList Master

WishList Member certified developer of WordPress-based membership sites


New fix for the TimThumb security vulnerability

September 7, 2011 By Bob Patterson

If you have a WordPress theme that automatically generates thumbnail images (like those cool little photos that appear next to your post excerpts) then you may be vulnerable to being hacked.

Many themes, premium and free alike, have been using a thumbnail resizing app called TimThumb. It’s almost a WordPress standard.

Not long ago somebody discovered a security vulnerability that allows bad guys to potentially gain access to the root directory on your web server. Not good. Over the past few weeks I’ve heard of countless instances of web sites being hacked and the results weren’t pretty.

Since the announcement we’ve been pretty busy updating themes that were vulnerable. Of the ones we have worked with over the past few years, Thesis, Elegant Themes and many Woo Themes have been discovered to be at risk. Not to fear: if we installed your theme initially, then we have already fixed the problem.

Fortunately, we just learned that Peter Butler at Code Garage has written a free plugin called TimThumb Vulnerability Scanner that will fix it up pretty quick. I wish this was available two weeks ago.

It is available from the WordPress plugin repository from within WordPress. Just choose Add New under plugins and in the search box type “TimThumb” (one word). The vulnerability scanner should be on top. Click Install Plugin and when it’s done you will find it under Tools in the WordPress Dashboard. Just follow the directions…it’s super simple.

If you don’t want to mess with it just open a support ticket with us and we’ll put you on the schedule. Normal support rates apply. If you don’t have an account with us we’ll show you how to set one up.

Photo by Johnny Grimm


Copyright © 2022 Patterson digital Media LLC
