wpvidZ

Learn WordPress With Video Tutorials

  • Blog
  • Browse
    • Backup & Restore
    • WordPress Localhost
    • WordPress Hosting
    • WordPress themes
    • Version Updates
    • Plugin Tips
    • Security
    • Tutorials
    • WordPress SEO
    • WP Miscellaneous
    • Sitemap
  • WP 5+ Tutorial
  • Search
wpvidZ Blog Security TimThumb WordPress vulnerability – is your theme or plugin affected by TimThumb security?

Security

TimThumb WordPress vulnerability – is your theme or plugin affected by TimThumb security?

Last updated on February 18, 2017
Posted on August 5, 2011

TimThumb WordPress vulnerability and Thesis theme?

How I was surprised after logged in to Thesis theme forum, about the discovery of a php script vulnerability. (related: Thesis as best seo theme)

This vulnerability issue fortunately should not affect Thesis theme users unless the user has hacked or change Thesis codes. (related: add related posts in Thesis theme without plugin)

Because Thesis by default does not allow “images” which are hosted in remotes websites.

If you are Thesis theme user, you can check this TimThumb WordPress and thesis thread here in the forum. (you will need to have username to login)

Although it states that we (Thesis users) should not be worried about it, but we should check on updates..we will never know. (related: should we upgrade Thesis theme)

And what about other wordpress bloggers who don’t useThesis theme? you can be affected, read further..

Wait, what is TimThumb? what is TimThumb wordpress vulnerability issue?

TimThumb itself is actually coming from a php script, called timthumb.php.

This timthumb.php script is a script that is used to modify websites images, or also imported images which are hosted external, for example, any images that are hosted in flickr, and you use that images from flickr in your website remotely via this script.

WordPress images uploader has already this functionality without using timthumb.php script, but there are tons of themes, or even plugins that use this script. (related: add wordpress featured image)

Now, you will probably ask yourself, do I have plugins that use this php based script? The answer is you should check your plugins.

I have only about 12 plugins, which are listed in my best blog plugins (after disabled some of the list), and I did not find any timthumb.php.

Even Wp-robot plugin does not use it, which makes me quite happy, since most of my other blogs use this plugin.

This is one of so many reasons why we should use only very important plugins, because if we should check on them, it won’t be big problem.

Basically, other than plugins, your theme can be affected by this issue too.

How does timthumb wordpress themes vulnerability happens? Because many themes are using this script to enhance their functionalities.

What themes are affected by this issue?

I have to mention, themes which are affected by this are also themes that are listed in wordpress themes database.

So if you have downloaded from any other websites, you will have to be more extra careful on checking other issues.

Until now, famous free themes, like arrass theme, mystique, magazine basic, etc are using this script.

timthumb wordpress
TimThumb script.

You can read the part of the list of the affetcted themes in this page.

Does this security only affect wordpress? big NO. It does not only affect wordpress, but it does affect any blogs or websites which are php based AND use this thimthumb.php script.

It does affect wordpress themes and plugins, because some of them use this script, BUT it does not affect wordpress core files. Example, you are now having a blog that has only default theme and default plugins, you will have nothing to worry about.

The problems will only come if you add or install any themes or plugins that are using this php script.

TimThumb WordPress vulnerability reference

  • Is my site loading fast? I use this shared hosting
  • Try my theme >

1. The blog that has affected and hacked by this script.

2. TimThumb code issue.

3. Fix on those who use some of WooThemes themes.

4. Fix on those who use Elegant themes templates.

Are you using theme or plugin that has timthumb wordpress vulnerability issue? it is best to check now.

hack secure security timthumb tutorial

Latest Posts

  • Twenty Nineteen Theme Full Tutorial – Creating a Website
  • Uninstall W3 Total Cache Plugin – Incredibly Easy!
  • Create WordPress Website 2018 on SiteGround Genesis
  • WordPress Noopener Noreferrer Rel Attribute Quick Fix
  • WordPress CDN Setup with MaxCDN and W3 Total Cache Plugin
  • Twenty Seventeen One Page Parallax Scrolling Website Style
  • How To Add Google Map in WordPress Contact Page
  • WordPress 4.7 Justify Text and Underline
  • Twenty Seventeen Footer “Proudly Powered By WordPress” Text
  • How To Add YouTube Subscribe Button To WordPress Website
← How To Secure Your Blog
→ Plugin to Check TimThumb vulnerability

Comments

  1. Joe Ban says

    August 7, 2011 at 7:59 pm

    I really enjoy your articles. I had a question that I wondered if you could help. I wrote a recent article for my wordpress site and had the spacing the way I wanted but when it was published the spacing was gone between paragraphs. I can’t seem to fix it since my edit area shows my spacing but viewers don’t see the spacing. Any ideas? Thanks.

Comment form on this post is closed after 60 days.

Search

Worth Reading

  • WordPress Admin ID with a Custom Number
  • Plugin to Check TimThumb vulnerability
  • How To Secure Your Blog
  • Wordpress security with Plugins Part 1

Backup & Restore

Backup WordPress Without a Plugin or FTP

Export WordPress Database using phpMyAdmin

BigDump Alternative – When BigDump Failed Importing Large WP Database

At This Place The Current Query Includes More Than 300 Dump Lines

View All..

Live Online Website

View All..

Offline Installation

How to Upload WordPress localhost to live server manually

Steps to Install WordPress on Windows 8 and WAMP 2.4

Install WordPress on Mavericks OS X 2014

Maximum upload file size in WAMP WordPress

View All..


WPvidz Hosting Image

  • About Me
  • Contact
  • Affiliate Disclosure
  • Privacy Policy
  • Term of Use

Copyright© 2023 wpvidz.com SG2021 | sitemap.xml


WPvidz.com is independent from WordPress.org but is proudly powered by WordPress & its block-based editor (Gutenberg)

WpvidZ.com uses cookies" to give you the best browsing experience possible. If you click "I Accept" below then you are consenting to this. For more information about your privacy settings on this website, please visit the Privacy Policy page. I Accept