WordPress Security Tip: Use Timthumb Vulnerability Scanner Plugin

Help increase security on your WordPress blog by using the Timthumb Vulnerability Scanner Plugin!

TimThumb is a PHP script that crops, zooms, and resizes images. It's commonly used in WordPress themes and plugins.

This script uses a cache directory from within your wp-content directory to grab and resize your images.

Authors of themes and plugins that use this script name the file timthumb.php or thumb.php (used by Woo Themes), but it could be on your WordPress site with a different name.

Unfortunately, back in August 2011 malicious hackers discovered a backdoor in the TimThumb script and infected a massive number of WordPress sites. This put website owners in a panic! WordPress users were removing themes and plugins, writing articles on how to remove timthumb from their blog, and calling me to fix their hacked WordPress sites.

Luckily, the developers of TimThumb acted quickly to close the backdoor and released TimThumb v2.8.2, which fixed this security issue.

Here are a few theme authors who released a security patch and wrote blog posts to inform customers.

Why You Need To Check Your WordPress Blog NOW for TimThumb Vulnerabilities

Some TimThumb scripts have not been updated and people are still getting hacked!

SOLUTION! There's a great plugin called Timthumb Vulnerability Scanner by Peter Butler of http://codegarage.com that will scan your site for outdated timthumb scripts AND update them for you.

This plugin could save your blog's life!!!

I highly recommend you download the Timthumb Vulnerability Scanner at WordPress.org or install the plugin from your Dashboard and run a scan now.
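To show what a scan like this has to do, here is an added example (my own sketch, not the plugin's code): it walks a directory tree, identifies TimThumb copies by content rather than file name since the script may be renamed, and flags any version older than 2.8.2. It assumes the script declares its version as `define('VERSION', '...')` and mentions "timthumb" in its source; the sample files are constructed for the demo.

```python
import os
import re
import tempfile

# Assumption: TimThumb declares its version as define('VERSION', 'x.y.z').
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([\d.]+)['"]""")
FIXED = (2, 8, 2)  # the release this post names as closing the hole

def parse_version(text):
    return tuple(int(p) for p in text.split(".") if p)

def scan(root):
    """Return sorted (relative_path, version, outdated) for TimThumb-like PHP files."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(".php")):
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    head = fh.read(65536)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            # Match on content, not file name, because the script may be renamed.
            m = VERSION_RE.search(head)
            if "timthumb" not in head.lower() or not m:
                continue
            outdated = parse_version(m.group(1)) < FIXED
            findings.append((os.path.relpath(path, root), m.group(1), outdated))
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (not real site data)."""
    samples = {
        "themes/a/timthumb.php": "<?php /* TimThumb */ define ('VERSION', '1.26');",
        "themes/b/thumb.php": "<?php /* TimThumb */ define ('VERSION', '2.8.2');",
        "plugins/c/img.php": "<?php /* timthumb, renamed */ define('VERSION', '2.7');",
        "plugins/c/other.php": "<?php define('VERSION', '1.0'); // unrelated script",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)

if __name__ == "__main__":
    for path, version, outdated in demo():
        print("OUTDATED" if outdated else "ok", version, path)
```

To check a real site, call `scan()` on a local copy of your wp-content directory; anything reported as outdated should be replaced with a current copy of the script or removed.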

A big shout out to Peter Butler for giving us such a great tool to use!  :-D

Here's a quick video I did on Timthumb Vulnerability Scanner.

Have you checked your WordPress blog for any outdated versions of the Timthumb script? Let me know by leaving your comment below.

~ Regina Smola
WordPress Security Expert

About Regina Smola

Regina is a sought-after WordPress Security Expert, Speaker, Author and owner of WPSecurityLock.com. She has helped thousands of WordPress users tighten security on their WordPress sites and fixed hundreds of hacked WordPress blogs.

Comments

  1. Timthumb Vulnerability Scanner is a fantastic tool, and the latest updates added a new feature for scheduling scans.

  2. I always got help from your tutorial, this one is also very helpful.
