PliablePress Blog

Tips, News & Previews

TimThumb Security Fix

You may well have heard about the TimThumb issue by now. If not: TimThumb is an image-resizing script used by a lot of WordPress themes (including ours). A serious security issue was recently discovered in TimThumb that can lead to your site being compromised, so please read on to fix it.

It is important that everyone takes steps to fix this issue. To do this, you need to do the following:

  • Go here, and save this file as timthumb.php (or just right-click that link and choose “Save Target As”).
  • Log into your site via FTP.
  • Browse to wp-content > themes > pliablepress > admin > scripts
  • Upload your new timthumb.php file over the one in that folder.
  • Open the “cache” folder (in the same location as timthumb.php) and delete everything inside it.

If you are not sure how to use FTP, please contact your web host for further advice. If need be, tell them it is to solve this widespread security issue and they may even do it for you (hacked sites are in no one’s interest!).

(Just as a side note: the vast majority of our resizing is done using WordPress’s built-in functionality; TimThumb is there for anyone who used to use custom fields to set post thumbnails.)
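To confirm the steps above took effect, the following added example (not PliablePress code) walks a themes folder, compares every timthumb.php it finds against the fixed copy you downloaded, and lists anything still sitting in the adjacent “cache” folder. It assumes you run it where the themes folder is readable (on the server or on a downloaded copy); the function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Return the SHA-256 hex digest of a file's contents."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def audit_timthumb(themes_dir, fixed_copy):
    """Return sorted (script_path, matches_fixed_copy, leftover_cache_files) tuples."""
    wanted = sha256_of(fixed_copy)
    findings = []
    for root, _dirs, files in os.walk(themes_dir):
        for name in files:
            if name.lower() != "timthumb.php":
                continue
            script = os.path.join(root, name)
            cache = os.path.join(root, "cache")  # same folder as the script
            leftovers = []
            if os.path.isdir(cache):
                for c_root, _d, c_files in os.walk(cache):
                    leftovers += [os.path.join(c_root, f) for f in c_files]
            findings.append((script, sha256_of(script) == wanted, sorted(leftovers)))
    return sorted(findings)

def demo():
    """Build a constructed themes tree (sample data only) and audit it."""
    new_body = "<?php /* constructed stand-in for the fixed file */"
    old_body = "<?php /* constructed stand-in for an old copy */"
    with tempfile.TemporaryDirectory() as tmp:
        fixed = os.path.join(tmp, "timthumb.php")
        with open(fixed, "w") as fh:
            fh.write(new_body)
        for theme, body, cached in [("pliablepress", new_body, []),
                                    ("chameleon", old_body, ["old_entry.txt"])]:
            scripts = os.path.join(tmp, "themes", theme, "admin", "scripts")
            os.makedirs(os.path.join(scripts, "cache"))
            with open(os.path.join(scripts, "timthumb.php"), "w") as fh:
                fh.write(body)
            for f in cached:
                open(os.path.join(scripts, "cache", f), "w").close()
        themes = os.path.join(tmp, "themes")
        return [(os.path.relpath(s, themes), ok, [os.path.basename(x) for x in left])
                for s, ok, left in audit_timthumb(themes, fixed)]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

Any row with `False` in the second field is a copy that was not replaced, and any non-empty third field is a cache folder that still needs emptying.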


Comments on “TimThumb Security Fix”

  1. Duane Kinsey said:

    Hi Michael,
    Just letting you know that the path above is incorrect (for me, at least). For my site it was wp-content > themes > chameleon > admin > scripts.
    All updated now. Cheers.

    29th August 2011

  2. Keith Davis said:

    Hi Michael
    This timthumb thing has really caused problems.

    My theme is by Elegant Themes and in the older versions of their themes they did use timthumb.

    Fortunately they posted a fix as you have done above and their latest updates don’t use the file.

    Good that guys like you keep the rest of us in the loop.

    How is the business going?
    Hope it’s going well.

    Keith

    1st September 2011

  3. David F said:

    On any WordPress site that I am concerned may be vulnerable to the Tim Thumb vulnerability, I install and run the free WordPress plugin Tim Thumb Vulnerability scanner, available at wordpress.org

    5th October 2011
