Plugin to Check TimThumb vulnerability is available to download
It feels like only yesterday that I posted the TimThumb WordPress vulnerability article, with a reference to the hack of this image modification PHP script.
Although I know that my current theme has thumb.php, and some popular themes have recently started using this PHP script too, if you are not sure whether your theme or plugins contain it, you might want to check using a plugin that checks for the TimThumb vulnerability.
In the beginning, I actually searched for this script via cPanel, but I haven't found one, except for thumb.php.
However, I checked the diythesis forum, which says that this thumb.php should not be affected, so after installing this plugin to check for the TimThumb vulnerability, I haven't fixed my thumb.php.
Download Plugin to Check TimThumb vulnerability
As usual, I always recommend downloading any plugin from the WordPress plugins database, or from a website that is really reliable on security.
You can download it manually from the WordPress plugins database, or install it directly from your dashboard or admin page.
I have personally installed it from my admin dashboard.
Some related posts which might help you install or use WordPress plugins:
How to install WordPress plugins
You don't have plugins if you use wordpress.com
Plugin to Check TimThumb vulnerability and then fix those vulnerabilities
Very important: back up your database before doing this. Nobody knows what will happen; I have tested it personally and it worked well, but that doesn't mean it will be fine with your blog.
Saving your current theme and wp-content folder to your computer is also a wise idea; if something happens, immediately ask your web host to restore your blog. (related: backup and restore in WordPress)
Right after you install this WP plugin, you will find its settings under Tools in your dashboard.
1. Navigate to Tools, and you will see "TimThumb Scanner". Click on that link.
2. Once you have clicked that link, you will see a small button labelled "scan". Click that button, and it will automatically scan all your files, including theme files and plugin files, everything in your web host's files directory.
3. Once it is done scanning, you will see "Vulnerable Timthumb Files" in red, which means they need to be fixed.
Click the "fix" buttons to update or upgrade to the newest TimThumb PHP script.
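The scan step above, written out as a stand-alone Python script (an added example, not the plugin's own code): it walks a wp-content tree, treats timthumb.php and thumb.php as candidates, reports a thumb.php that carries no TimThumb markers (the case discussed above) as "not TimThumb" rather than vulnerable, and flags copies whose declared version is below a threshold. The "timthumb" marker, the `define ('VERSION', ...)` pattern and the MIN_SAFE_VERSION value are assumptions to adjust against the current TimThumb release.

```python
import os
import re
import tempfile

# Assumed heuristics: TimThumb declares its version as  define ('VERSION', '2.8.10');
# and mentions "TimThumb" in its source. MIN_SAFE_VERSION is a placeholder threshold;
# set it to the current TimThumb release before relying on the result.
CANDIDATE_NAMES = {"timthumb.php", "thumb.php"}
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9.]+)['"]""")
MIN_SAFE_VERSION = (2, 8, 10)

def parse_version(text):
    """Return the version tuple declared in a TimThumb source, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def classify_source(filename, source):
    """Classify one PHP file: not a candidate, not TimThumb, vulnerable, or current."""
    if os.path.basename(filename).lower() not in CANDIDATE_NAMES:
        return {"file": filename, "status": "not-candidate"}
    if "timthumb" not in source.lower():
        return {"file": filename, "status": "not-timthumb"}   # e.g. a theme's own thumb.php
    version = parse_version(source)
    if version is None:
        status = "timthumb-unknown-version"   # needs manual review
    elif version < MIN_SAFE_VERSION:
        status = "timthumb-vulnerable"
    else:
        status = "timthumb-current"
    return {"file": filename, "status": status, "version": version}

def scan_tree(root):
    """Walk a wp-content directory and classify every candidate file found."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in CANDIDATE_NAMES:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    findings.append(classify_source(path, fh.read()))
    return findings

if __name__ == "__main__":
    # Constructed sample tree standing in for wp-content/themes (not a real theme).
    with tempfile.TemporaryDirectory() as root:
        theme_dir = os.path.join(root, "themes", "old-theme")
        os.makedirs(theme_dir)
        with open(os.path.join(theme_dir, "timthumb.php"), "w") as f:
            f.write("<?php // TimThumb script\ndefine ('VERSION', '1.33');\n")
        for finding in scan_tree(root):
            print(finding)
```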
I have personally used this plugin to check for the TimThumb vulnerability on my blog, and removed the plugin after use.