PliablePress Blog

Tips, News & Previews

TimThumb Security Fix

You may well have heard all about the TimThumb issue by now, but if not: TimThumb is an image resizing script used by a lot of WordPress themes (including ours). A serious security issue was recently discovered in TimThumb which can lead to your site being compromised, so please do read on to fix this.

It is important that everyone takes steps to fix this issue. To do this, you need to do the following:

  • Go here, and save this file as timthumb.php (or just right-click that link and choose “Save Target As”).
  • Log into your site via FTP.
  • Browse to wp-content > themes > pliablepress > admin > scripts
  • Upload your new timthumb.php file over the one in that folder.
  • Open the “cache” folder (in the same location as timthumb.php) and delete everything inside it.
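
To confirm the steps above took effect, here is an added check (not PliablePress or TimThumb code) that finds every timthumb.php under the themes folder, compares it with the copy you downloaded, and flags any cache folder that still has files in it. It assumes shell access to the site's files or a local mirror of them; the function name `audit_timthumb` is hypothetical.

```shell
#!/bin/sh
# Added example: post-fix audit for the replace-and-clear-cache steps.
# Usage: sh audit_timthumb.sh /path/to/wordpress /path/to/downloaded/timthumb.php

# Prints one line per finding. Returns 0 when clean, 1 when something is
# left to fix, 2 when the themes folder cannot be found.
audit_timthumb() {
    wp_root=$1
    reference=$2
    findings=0

    if [ ! -d "$wp_root/wp-content/themes" ]; then
        echo "no themes folder under $wp_root"
        return 2
    fi
    list=$(mktemp) || return 2

    # Other installed themes may bundle their own copy of the script.
    find "$wp_root/wp-content/themes" -type f -name 'timthumb.php' > "$list"

    while IFS= read -r script; do
        # Upload step: the file on the site must match the download byte for byte.
        if ! cmp -s "$script" "$reference"; then
            echo "NOT REPLACED: $script"
            findings=$((findings + 1))
        fi
        # Cache step: the cache folder beside the script must be empty.
        cache_dir=$(dirname "$script")/cache
        if [ -d "$cache_dir" ]; then
            leftover=$(find "$cache_dir" -mindepth 1 | wc -l | tr -d ' ')
            if [ "$leftover" -gt 0 ]; then
                echo "CACHE NOT EMPTY ($leftover entries): $cache_dir"
                findings=$((findings + 1))
            fi
        fi
    done < "$list"

    rm -f "$list"
    [ "$findings" -eq 0 ]
}

# Run the audit only when both paths are given on the command line.
if [ "$#" -ge 2 ]; then
    audit_timthumb "$1" "$2"
fi
```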

If you are not sure how to use FTP, please contact your webhost for further advice. If need be, tell them it is to solve this widespread security issue and they may even do it for you (hacked sites are to no one’s benefit!).

(Just as a side note: the vast majority of our resizing is done using WordPress’ built-in functionality; however, TimThumb is there for anyone who used to use custom fields to set post thumbnails.)