Recently, many WordPress sites have been hacked because of a security vulnerability in timthumb.php, a script used by hundreds of WordPress themes to resize images.
Oh no! How do I fix it?
The advice that came after the first sites started getting hacked was not the easiest to implement for non-technical WordPress users:
If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it and set the $allowedSites array to be empty.
This isn’t very helpful if you have no idea where to look or what you’re looking for. The first hurdle is to figure out if you’re affected and then to apply the right fix.
Timthumb Vulnerability Scanner to the Rescue!
If you have no idea what to look for, then the Timthumb Vulnerability Scanner will be a real lifesaver. Install it like any other plugin and it will scan your wp-content directory for vulnerable instances of timthumb.php. It also gives you the option to upgrade your scripts to a safe version with a single click.
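For readers who would rather see what such a scan does before installing anything, here is a small shell script, added as an illustration and not taken from the plugin, that walks a wp-content directory, finds copies of timthumb.php and reports whether each one still has a non-empty $allowedSites array (the setting the advice above says must be emptied). It assumes the array is declared on a single line in the form $allowedSites = array(...); and also looks for the file name thumb.php, which is an assumption about renamed copies rather than something the post states. The sample theme tree it scans is constructed inside the script so it runs stand-alone.

```shell
#!/bin/sh
# Added example (not the Timthumb Vulnerability Scanner's code): report copies
# of timthumb.php under a wp-content tree whose $allowedSites array is still
# populated, i.e. copies that have not had the recommended fix applied.
# Assumption: vulnerable copies declare  $allowedSites = array('a.com', ...);
# on one line, and a fixed copy declares  $allowedSites = array();

# Classify one file. Prints FIXED, VULNERABLE or UNKNOWN.
check_timthumb_file() {
    f="$1"
    if ! grep -qF '$allowedSites' "$f"; then
        # No such array at all: a layout this check does not understand,
        # so it should be reviewed by hand rather than assumed safe.
        echo "UNKNOWN"
        return 0
    fi
    if grep -Eq '^[[:space:]]*\$allowedSites[[:space:]]*=[[:space:]]*array[[:space:]]*\([[:space:]]*\)[[:space:]]*;' "$f"; then
        echo "FIXED"
    else
        echo "VULNERABLE"
    fi
}

# Walk a directory and print one "STATUS path" line per timthumb copy.
# thumb.php is included as an assumption about renamed copies.
scan_timthumb() {
    dir="$1"
    find "$dir" -type f \( -name 'timthumb.php' -o -name 'thumb.php' \) -print |
    while IFS= read -r f; do
        echo "$(check_timthumb_file "$f") $f"
    done
}

# Number of copies still flagged VULNERABLE under a directory.
count_vulnerable() {
    scan_timthumb "$1" | grep -c '^VULNERABLE'
}

# Constructed sample tree for a stand-alone run: one unmodified copy with the
# array populated and one copy with the array emptied as the post recommends.
demo_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/themes/vulnerable-theme/scripts" "$base/themes/patched-theme"
    printf '<?php\n$allowedSites = array("flickr.com", "picasa.com");\n' \
        > "$base/themes/vulnerable-theme/scripts/timthumb.php"
    printf '<?php\n$allowedSites = array();\n' \
        > "$base/themes/patched-theme/timthumb.php"
    echo "$base"
}

tree=$(demo_tree)
scan_timthumb "$tree"
echo "vulnerable copies: $(count_vulnerable "$tree")"
rm -rf "$tree"
```

To use it on a real site, replace the constructed tree with the path to your wp-content directory (for example `scan_timthumb /var/www/html/wp-content`). A VULNERABLE line means that copy should be removed or have its $allowedSites array emptied; an UNKNOWN line means the file does not look like the layout this check expects and should be inspected by hand.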
The creator of this plugin was overwhelmed with requests to clean up hacks that had exploited the timthumb.php script. He made this plugin incredibly easy to use. If you know how to install a WordPress plugin, then you can manage this. It saves your site in two steps:
What if I’ve already been hacked?
The plugin’s author notes that if you’ve already been hacked, this plugin will NOT clean up your site. Essentially, it fixes the door lock, which doesn’t matter if the burglars are already in your house. Believe me, you do not want the hackers to get in there. It can take down your entire server and if your host shuts down your account, you’ll be missing critical traffic and email.
For added security, check out Philip’s post on using a firewall to help protect your WordPress site from attack:
Millions of WordPress sites are still vulnerable to the Timthumb security hack. Don’t let yours be the next victim! Download the Timthumb Vulnerability Scanner and check your sites today.