TimThumb security risk and solution – find out if this affects you!

There is a great post on the background of this problem by Mark Maunder that I recommend you read to understand the severity of the issue:

Technical details and scripts of the WordPress TimThumb.php hack

But even better, Mark has written a WordPress plugin that you can install. It will find any vulnerable copies of timthumb.php and allow you to update them to a secure version. The plugin is called Timthumb Vulnerability Scanner and is available from the WordPress.org plugin directory.

This vulnerability is now widely known, and websites are being hacked.

This is a serious issue: you DO NOT WANT YOUR SITE HACKED.

Take 5 minutes to install and run the Timthumb Vulnerability Scanner plugin right now, otherwise you could be facing hundreds of dollars and/or many hours trying to clean up your hacked site.

Some hosting companies like Bluehost and Fatcow are proactively locating vulnerable copies of timthumb.php and replacing them with safe copies, and sending out email to the account holders letting them know what was done. But your hosting company may not do that, or some copies may be missed. Be safe and check for yourself.


hartsook
