Secure your TimThumb now!

Posted in Blog
Aug 3, 2011

timthumb.php is an image resizing script that is used in many packaged WordPress and other themes. This include WordPress themes such as previous versions of ElegantThemes.com. ElegantTheme has now removed all instances of timthumb.php from their themes and urges everyone who uses their themes to upgrade to their latest version of the themes.

However, if you had made code customizations to their theme, it is not so simple to upgrade because you might overwrite your customizations. You would have to do a “code merge” of your customizations to their latest theme versions.

You may not be able to get to that right away. But you can not let this security hole sit on your site. Sites have already been hacked. MarkMaunder.com was one of them and was one of the first to report on this vunerability. You need to either replace your timthumb.php content with their latest trunk version on Google Code and make the patches as recommended here. Or just delete the timthumb.php file if your site is not using it’s functionality.

---