WordPress Security Tip: Use Timthumb Vulnerability Scanner Plugin

Help increase security on your WordPress blog by using the Timthumb Vulnerability Scanner Plugin!

TimThumb is a PHP script that crops, zooms, and resizes images. It’s commonly used in WordPress themes and plugins.

This script uses a cache directory from within your wp-content directory to grab and resize your images.

Authors of themes and plugins that use this script name the file timthumb.php or thumb.php (used by Woo Themes), but it could be on your WordPress site with a different name.

Unfortunately, back in August 2011 malicious hackers discovered a backdoor in the TimThumb script and infected a massive number of WordPress sites. This put website owners in a panic! WordPress users were removing themes and plugins, writing articles on how to remove timthumb from their blog, and calling me to fix their hacked WordPress sites.

Luckily, the developers of TimThumb acted quickly to close the backdoor and released TimThumb v2.8.2, which fixed this security issue.

Here are a few theme authors who released a security patch and wrote blog posts to inform their customers.

Why You Need To Check Your WordPress Blog NOW for TimThumb Vulnerabilities

Some TimThumb scripts have not been updated and people are still getting hacked!

SOLUTION! There’s a great plugin called Timthumb Vulnerability Scanner by Peter Butler of http://codegarage.com that will scan your site for outdated timthumb scripts AND update them for you:
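To show what such a scan has to cover, here is an added example written for this post (it is not the plugin’s own code). It walks a WordPress directory, picks up copies of the script under the two common file names as well as renamed copies that still carry the TimThumb marker in their source, reads the `define('VERSION', ...)` constant that the real timthumb.php declares near its top, and flags anything older than 2.8.2 or with no readable version. The sample install it builds under a temporary directory is constructed for the demonstration and contains no real theme code.

```python
"""Find copies of TimThumb under a WordPress install and flag outdated ones."""
import os
import re
import tempfile
from typing import List, NamedTuple, Optional

# timthumb.php declares its version near the top of the file, e.g.:
#   define ('VERSION', '2.8.2');
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9]+(?:\.[0-9]+)*)['"]\s*\)"""
)
# Marker that usually survives when a theme author saves the script under another name.
MARKER_RE = re.compile(r"timthumb", re.IGNORECASE)
# File names the post mentions: timthumb.php and thumb.php (Woo Themes).
KNOWN_NAMES = {"timthumb.php", "thumb.php"}
# First release the post names as closing the 2011 hole.
FIXED_VERSION = (2, 8, 2)


class Finding(NamedTuple):
    path: str
    version: Optional[str]   # None when no VERSION constant could be read
    outdated: bool           # True when older than FIXED_VERSION or unknown


def version_tuple(version: str):
    """'2.8.14' -> (2, 8, 14) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def inspect_php(path: str) -> Optional[Finding]:
    """Return a Finding if the file looks like TimThumb, otherwise None."""
    with open(path, "r", encoding="utf-8", errors="ignore") as fh:
        text = fh.read()
    name = os.path.basename(path).lower()
    if name not in KNOWN_NAMES and not MARKER_RE.search(text):
        return None
    match = VERSION_RE.search(text)
    version = match.group(1) if match else None
    # A copy whose version cannot be read is reported as needing review.
    outdated = version is None or version_tuple(version) < FIXED_VERSION
    return Finding(path, version, outdated)


def scan_tree(root: str) -> List[Finding]:
    """Walk the install, inspect every .php file, return findings sorted by path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(".php"):
                finding = inspect_php(os.path.join(dirpath, fname))
                if finding is not None:
                    findings.append(finding)
    return sorted(findings, key=lambda f: f.path)


def build_sample_tree() -> str:
    """Constructed sample install (not real theme code) used to exercise the scanner."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    samples = {
        "wp-content/themes/old-theme/timthumb.php":
            "<?php\n/* TimThumb script */\ndefine ('VERSION', '2.8.1');\n",
        "wp-content/plugins/gallery/resize.php":
            "<?php\n// renamed copy of TimThumb\ndefine('VERSION', '2.8.14');\n",
        "wp-content/themes/woo/thumb.php":
            "<?php\n// stripped copy with no VERSION constant\n",
        "wp-content/index.php":
            "<?php // Silence is golden.\n",
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    # Point scan_tree() at your real WordPress root to check a live install.
    for f in scan_tree(build_sample_tree()):
        status = "OUTDATED" if f.outdated else "ok"
        print(f"{status:9} {f.version or 'unknown':8} {f.path}")
```

On the constructed sample the scanner reports three TimThumb copies: the 2.8.1 theme copy and the version-less thumb.php are flagged, the renamed 2.8.14 copy passes, and the unrelated index.php is ignored. Comparing versions as integer tuples matters because a plain string comparison would rank "2.8.14" below "2.8.2".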

This plugin could save your blog’s life!!!

I highly recommend you download the Timthumb Vulnerability Scanner at WordPress.org or install the plugin from your Dashboard and run a scan now.

A big shout out to Peter Butler for giving us such a great tool to use!  😀

Here’s a quick video I did on Timthumb Vulnerability Scanner.

Have you checked your WordPress blog for any outdated versions of the Timthumb script? Let me know by leaving your comment below.

~ Regina Smola
WordPress Security Expert

