TimThumb security risk and solution – find out if this affects you!

There is a great post on the background of this problem by Mark Maunder that I recommend you read to understand the severity of the issue:

Technical details and scripts of the WordPress TimThumb.php hack

But even better, Mark has written a WordPress plugin that you can install. It will find any vulnerable copies of timthumb.php and allow you to update them to a secure version. The plugin is called Timthumb Vulnerability Scanner and is available from the WordPress.org plugin directory.

This vulnerability is now widely known and websites are being hacked.

This is a serious issue, you DO NOT WANT YOUR SITE HACKED.

Take 5 minutes to install and run the Timthumb Vulnerability Scanner plugin right now, otherwise you could be facing hundreds of dollars and/or many hours trying to clean up your hacked site.

Some hosting companies like Bluehost and Fatcow are proactively locating vulnerable copies of timthumb.php and replacing them with safe copies, and sending out email to the account holders letting them know what was done. But your hosting company may not do that, or some copies may be missed. Be safe and check for yourself.
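If you want to do the check yourself from the command line, say over SSH on a host that does not run the scanner plugin for you, the script below walks a WordPress document root, picks out every copy of TimThumb whatever it was renamed to, reads the VERSION constant each copy declares, and lists the ones older than the fixed release. This is an added example written for this post; it is not the Timthumb Vulnerability Scanner plugin's code and does not replace or update anything. It assumes that TimThumb declares its version as `define ('VERSION', '1.33');` near the top of the file, that every copy mentions "timthumb" in its contents or filename, and that SECURE_VERSION is the release you treat as safe (set it to the version the scanner plugin installs). The sample site it scans is constructed inside a temporary directory so it runs offline.

```python
"""
Find copies of timthumb.php under a WordPress root and flag old versions.
Added example, not the Timthumb Vulnerability Scanner plugin's own code.
Assumptions: TimThumb declares define ('VERSION', '1.33'); near the top of
the file, every copy mentions "timthumb" in its content or filename, and
SECURE_VERSION is the release you consider patched.
"""
import os
import re
import tempfile
from collections import namedtuple

Finding = namedtuple("Finding", "path version vulnerable")

# Matches the version constant, tolerating spacing and quote differences between releases.
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9]+(?:\.[0-9]+)*)['"]\s*\)"""
)

# Copies at or above this version are treated as patched (assumed threshold).
SECURE_VERSION = (2, 0)

# Only the first 64 KiB is read: the constant sits near the top of the file,
# and this keeps the walk cheap on an install with many unrelated PHP files.
HEAD_BYTES = 64 * 1024


def parse_version(text):
    """'1.33' -> (1, 33); tuples compare element-wise, so 1.33 < 2.0 as intended."""
    return tuple(int(part) for part in text.split("."))


def inspect_php(path):
    """Return a Finding if the file looks like a TimThumb copy, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(HEAD_BYTES).decode("latin-1")
    except OSError:
        return None
    if "timthumb" not in head.lower() and "timthumb" not in os.path.basename(path).lower():
        return None
    match = VERSION_RE.search(head)
    if match is None:
        # A copy with its version line stripped cannot be shown to be patched;
        # report it as vulnerable so a human looks at it.
        return Finding(path, "unknown", True)
    version = match.group(1)
    return Finding(path, version, parse_version(version) < SECURE_VERSION)


def scan_tree(root):
    """Scan every .php file under root; paths in the result are relative to root."""
    findings = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(".php"):
                continue
            finding = inspect_php(os.path.join(dirpath, name))
            if finding is not None:
                rel = os.path.relpath(finding.path, root).replace(os.sep, "/")
                findings.append(finding._replace(path=rel))
    return sorted(findings)


def build_sample_site(root):
    """Constructed sample install: two themes and a plugin holding three TimThumb copies."""
    files = {
        "wp-content/themes/alpha/timthumb.php":
            "<?php\n/* TimThumb resize script (constructed sample) */\ndefine ('VERSION', '1.33');\n",
        "wp-content/themes/beta/thumb.php":
            "<?php\n// renamed TimThumb copy (constructed sample)\ndefine('VERSION', \"2.0\");\n",
        "wp-content/plugins/gallery/includes/timthumb.php":
            "<?php\n// TimThumb copy with the version line removed (constructed sample)\n",
        "wp-content/themes/beta/functions.php":
            "<?php\n// ordinary theme file, unrelated to the resize script\n",
    }
    for rel, body in files.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)


def demo():
    """Build the sample site in a temporary directory and return the scan findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return scan_tree(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{'VULNERABLE' if f.vulnerable else 'ok':10} {f.version:8} {f.path}")
```

On a real host, replace `demo()` with `scan_tree("/path/to/wordpress")`. Anything reported as VULNERABLE or unknown should be replaced with the current secure TimThumb, which is exactly what the scanner plugin does for you; the script only tells you where to look.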


hartsook
