TimThumb security risk and solution – find out if this affects you!

There is a great post on the background of this problem by Mark Maunder that I recommend you read to understand the severity of the issue:

Technical details and scripts of the WordPress TimThumb.php hack

But even better, Mark has written a WordPress plugin that you can install. It will find any vulnerable copies of timthumb.php and allow you to update them to a secure version. The plugin is called Timthumb Vulnerability Scanner and is available from the WordPress.org plugin directory.

This vulnerability is now widely known and websites are being hacked.

This is a serious issue: you DO NOT WANT YOUR SITE HACKED.

Take 5 minutes to install and run the Timthumb Vulnerability Scanner plugin right now, otherwise you could be facing hundreds of dollars and/or many hours trying to clean up your hacked site.

Some hosting companies like Bluehost and Fatcow are proactively locating vulnerable copies of timthumb.php and replacing them with safe copies, and sending out email to the account holders letting them know what was done. But your hosting company may not do that, or some copies may be missed. Be safe and check for yourself.
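If you have shell access to your hosting account, one way to check for yourself is to inventory every copy of timthumb.php under the web root. This is an added example, not code from the original post or from the Timthumb Vulnerability Scanner plugin. It assumes a `find` that supports `-iname` and that the script declares its version with a `define ('VERSION', '...')` line; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Read-only inventory of timthumb.php copies; nothing is modified.

# Assumption: the version is declared as define ('VERSION', 'x.y');
# prints nothing when no such line is present.
timthumb_version() {
    sed -n "s/.*define *( *['\"]VERSION['\"] *, *['\"]\([^'\"]*\)['\"].*/\1/p" "$1" | head -n 1
}

# Print "<path><TAB><version>" for each file named timthumb.php
# (any letter case) below the directory given as $1.
# File names containing newlines are not handled.
find_timthumb() {
    find "${1:-.}" -type f -iname 'timthumb.php' | sort |
    while IFS= read -r f; do
        v=$(timthumb_version "$f")
        printf '%s\t%s\n' "$f" "${v:-unknown}"
    done
}

# Constructed sample tree: one copy with a version line, one without,
# and an unrelated PHP file that must not be reported.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/themes/demo" "$d/plugins/gallery"
    printf "<?php\ndefine ('VERSION', '1.0-sample');\n" > "$d/themes/demo/timthumb.php"
    printf "<?php\n// no version line\n" > "$d/plugins/gallery/TimThumb.php"
    printf "<?php\n" > "$d/themes/demo/index.php"
    printf '%s\n' "$d"
}

# Demo on the constructed tree. For real use: find_timthumb /path/to/webroot
sample=$(make_sample_tree)
find_timthumb "$sample"
rm -rf "$sample"
```

The search is by file name only, so a copy saved under a different name will not be listed. Every path it reports is a copy to review and update.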

Pieter Hartsook

WordPress website coaching, design, implementation, support, and training. Background in Marketing Research and Communications. See my profile at: https://www.linkedin.com/in/hartsook/
