TimThumb security risk and solution – find out if this affects you!

There is a great post on the background of this problem by Mark Maunder that I recommend you read to understand the severity of the issue:

Technical details and scripts of the WordPress TimThumb.php hack

But even better, Mark has written a WordPress plugin that you can install. It will find any vulnerable copies of timthumb.php and allow you to update them to a secure version. The plugin is called Timthumb Vulnerability Scanner and is available from the WordPress.org plugin directory.

This vulnerability is now widely known and websites are being hacked.

This is a serious issue: you DO NOT WANT YOUR SITE HACKED.

Take 5 minutes to install and run the Timthumb Vulnerability Scanner plugin right now, otherwise you could be facing hundreds of dollars and/or many hours trying to clean up your hacked site.

Some hosting companies like Bluehost and Fatcow are proactively locating vulnerable copies of timthumb.php and replacing them with safe copies, and sending out email to the account holders letting them know what was done. But your hosting company may not do that, or some copies may be missed. Be safe and check for yourself.
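To check for yourself from a shell account or a downloaded backup, here is an added example (not part of the original post, and not the Timthumb Vulnerability Scanner plugin's code) that inventories every likely copy of timthumb.php under a directory and reports the version each one declares. It assumes TimThumb declares its version in a `define('VERSION', ...)` line and that renamed copies still contain the string "timthumb"; the function name `find_timthumb_copies` is hypothetical.

```python
import os
import re
import sys

# Assumption: TimThumb declares its version as define('VERSION', 'x.y').
VERSION_RE = re.compile(rb"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]")
# Assumption: copies saved under another name still mention "timthumb".
MARKER_RE = re.compile(rb"timthumb", re.IGNORECASE)


def find_timthumb_copies(root):
    """Return sorted (path, version) pairs for likely TimThumb copies under root.

    version is None when a file named timthumb.php has no VERSION define.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # the define sits near the top of the file
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            named = name.lower() == "timthumb.php"
            match = VERSION_RE.search(head)
            # A renamed copy must carry both the marker and a VERSION define,
            # so theme files that merely link to timthumb.php are not reported.
            if not named and not (MARKER_RE.search(head) and match):
                continue
            version = match.group(1).decode("ascii", "replace") if match else None
            hits.append((path, version))
    return sorted(hits)


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, version in find_timthumb_copies(root):
        print(f"{version or 'unknown':<12} {path}")
```

Run it against your web root (for example the directory that contains `wp-content`). It only lists what it finds; every copy it reports still needs to be updated to a secure version or removed.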

Pieter Hartsook

WordPress website coaching, design, implementation, support, and training. Background in Marketing Research and Communications. See my profile at: https://www.linkedin.com/in/hartsook/
