Popular thumbnail script poses security vulnerability for WordPress users

It has just been discovered that a popular image script used in WordPress themes is vulnerable to hackers and poses a serious security threat to websites using this CMS platform.

The script is called “TimThumb”. It resizes images into thumbnails and is used by millions of websites throughout the WordPress community. A vulnerability in the script is also a security issue for your website if any theme installed on it uses the script.

This security flaw also applies to all of your inactive themes. If any theme you have installed contains or may contain the timthumb.php file, even if that theme is inactive, then you are potentially at risk. While the author has now provided a fix, many developers are recommending that webmasters and website owners remove any and all themes that were created prior to the fix date.

If you are using WordPress for your blog or website, it is recommended that you delete all the themes that you are not using, and update the themes that you are using. To update your theme and remove the PHP file, simply delete your current theme via the Appearance > Themes section of the WordPress Dashboard.

Before re-installing an updated or new theme, be sure to de-activate your plug-ins. Once the new theme is installed and activated, re-activate your plug-ins one at a time to avoid any potential conflicts.

For added security, be sure to also update to the latest version of WordPress. If you are unsure whether or not your theme contains the TimThumb script, then you may want to delete it anyway, as it is better to be safe than sorry.
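One way to check which installed themes, active or inactive, carry the script is to scan the themes folder on the server. The script below is an added example, not part of the original post or of TimThumb itself; it assumes the standard `wp-content/themes` layout and that a renamed copy, or a template that calls the script, still contains the string "timthumb".

```python
import os
import re
import sys

# Assumption: a renamed copy, or a template that calls the script,
# still has the string "timthumb" in its first 64 KiB.
MARKER = re.compile(rb"timthumb", re.IGNORECASE)


def find_timthumb(themes_dir):
    """Map each theme folder to the PHP files that are, or mention, TimThumb."""
    hits = {}
    for root, _dirs, files in os.walk(themes_dir):
        for name in sorted(files):
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(root, name)
            rel = os.path.relpath(path, themes_dir)
            theme = rel.split(os.sep)[0]
            if name.lower() == "timthumb.php":
                reason = "filename"
            else:
                try:
                    with open(path, "rb") as fh:
                        head = fh.read(65536)
                except OSError:
                    continue  # unreadable file: skip rather than abort the scan
                if not MARKER.search(head):
                    continue
                reason = "content"
            hits.setdefault(theme, []).append((rel, reason))
    return hits


if __name__ == "__main__":
    # Inactive themes live in the same folder, so they are scanned too.
    themes = sys.argv[1] if len(sys.argv) > 1 else "wp-content/themes"
    found = find_timthumb(themes)
    for theme, files in sorted(found.items()):
        print(theme)
        for rel, reason in files:
            print(f"  {rel}  (matched by {reason})")
    sys.exit(1 if found else 0)
```

A "content" match can be either a renamed copy of the script or a template that links to it, so each listed file still needs a look before the theme is deleted or updated.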

Elegant Themes, a popular WordPress theme design company, was diligent in sending out an informative notice to its subscribers, indicating that all Elegant WordPress themes have now been updated with the vulnerable script removed.

More information on the timthumb.php script vulnerability may be found here: http://code.google.com/p/timthumb/issues/detail?id=212

As I always say, when in doubt, check it out!

Here’s to your online success!


Important: All content on this site is copyright LaunchNow.ca. All rights reserved. All images are licensed, used with permission and copyrighted to their respective owners.