TimThumb is a third-party PHP script used in many WordPress themes and plugins to resize images.
Unfortunately the timthumb vulnerability, which has seen thousands of WordPress sites hacked since it was disclosed in 2011, is still claiming new victims every day. The bug let an attacker make the script fetch a file from a host whose name merely contained one of the whitelisted domains, and the script then saved that file as executable PHP in its cache directory.
Worried your WordPress sites may be vulnerable?
Locker from Code Garage provides rock solid daily backups and hack monitoring and cleanup (for malicious code and vulnerabilities like this one), as well as personal, one on one support when you need it.
If you’re not sure how to check whether your WordPress installation is vulnerable, or whether the copy of the timthumb script it carries is up to date, I suggest you click here to download and install the Timthumb Vulnerability Scanner plugin and scan your whole site.
Timthumb Vulnerability Scanner
What does the plugin do?
The timthumb vulnerability plugin will:
- Scan your wp-content directory for every copy of the TimThumb script it contains, whatever the file is called, and flag any that are out of date
- Schedule automatic daily scans
- Replace out-of-date copies, which may be vulnerable, with the current release
You’ll find the link to the plugin settings under the Tools menu in your WordPress admin dashboard.
Scan for Issues
Click the Scan button to list every copy of the timthumb script on your site and see whether each one is up to date. Note that an up-to-date script does not prove the site was never compromised: if an old copy was exploited before you updated it, the attacker's files may still be sitting in the script's cache directory or elsewhere under wp-content, so check those too.
If the scan lists an outdated file, tick it and click Upgrade Selected Files.
You can also set up automatic daily scans, which will alert you to anything that needs attention.
Your results should look like this if your site is secure
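To show what the Scan step is actually looking for, here is an added Python example (my own code, not the Timthumb Vulnerability Scanner plugin's) that walks a wp-content tree, picks out every PHP file carrying TimThumb's marker regardless of its file name, reads the VERSION define, and flags copies older than a threshold. The threshold MIN_SAFE_VERSION, the ALLOW_EXTERNAL check (which assumes the 2.x configuration constant name) and the sample files it scans are assumptions made for the example; set the threshold to whatever release you consider current.

```python
"""Find copies of TimThumb under a wp-content tree and flag outdated ones.
Added example; not the scanner plugin's own code."""
import os
import re
import tempfile
from dataclasses import dataclass

# Assumed threshold: anything older than this is reported as outdated.
MIN_SAFE_VERSION = "2.8.14"

# TimThumb declares its version as:  define ('VERSION', '2.8.10');
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9][0-9.]*)['"]\s*\)""")
# Marker present in every copy of the script, whatever the file is named.
MARKER_RE = re.compile(r"timthumb", re.IGNORECASE)
# 2.x setting that enables remote fetching, the feature the 2011 bug abused.
ALLOW_EXTERNAL_RE = re.compile(
    r"""define\s*\(\s*['"]ALLOW_EXTERNAL['"]\s*,\s*true\s*\)""", re.IGNORECASE)


def parse_version(v):
    """'2.8.10' -> (2, 8, 10) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


@dataclass
class Finding:
    path: str
    version: str          # "unknown" when no VERSION define was found
    outdated: bool
    allow_external: bool  # remote fetching switched on in this copy


def inspect_file(path, min_safe=MIN_SAFE_VERSION):
    """Return a Finding if the file is a TimThumb copy, otherwise None."""
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:
        return None
    if not MARKER_RE.search(text):
        return None
    external = bool(ALLOW_EXTERNAL_RE.search(text))
    m = VERSION_RE.search(text)
    if m is None:
        # No version define: a hand-edited or very old build, treat as outdated.
        return Finding(path, "unknown", True, external)
    version = m.group(1)
    return Finding(path, version, parse_version(version) < parse_version(min_safe), external)


def scan_tree(root, min_safe=MIN_SAFE_VERSION):
    """Inspect every .php file under root (themes and plugins alike)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                f = inspect_file(os.path.join(dirpath, name), min_safe)
                if f is not None:
                    findings.append(f)
    return sorted(findings, key=lambda f: f.path)


# Constructed sample wp-content tree so the example runs offline.
SAMPLE_FILES = {
    # old 1.x copy shipped under the common name thumb.php
    "themes/oldtheme/thumb.php":
        "<?php\n/* TimThumb script */\ndefine ('VERSION', '1.34');\n",
    # current copy under its usual name, remote fetching off
    "themes/newtheme/timthumb.php":
        "<?php\n// TimThumb by Ben Gillbanks and Mark Maunder\n"
        "define ('VERSION', '2.8.14');\ndefine ('ALLOW_EXTERNAL', FALSE);\n",
    # older 2.x copy with remote fetching switched on
    "plugins/gallery/timthumb.php":
        "<?php\n// TimThumb\ndefine ('VERSION', '2.8.10');\n"
        "define ('ALLOW_EXTERNAL', TRUE);\n",
    # ordinary theme file that must not be reported
    "themes/newtheme/functions.php":
        "<?php\nadd_theme_support('post-thumbnails');\n",
}


def build_sample_tree():
    """Write the constructed files into a temp directory and return its path."""
    root = tempfile.mkdtemp(prefix="wp-content-")
    for rel, body in SAMPLE_FILES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


def scan_sample():
    """Scan the constructed tree; results keyed by path relative to wp-content."""
    root = build_sample_tree()
    return {os.path.relpath(f.path, root).replace(os.sep, "/"): f
            for f in scan_tree(root)}


if __name__ == "__main__":
    for rel, f in scan_sample().items():
        status = "OUTDATED" if f.outdated else "ok"
        extra = " (ALLOW_EXTERNAL on)" if f.allow_external else ""
        print(f"{status:8} {f.version:7} {rel}{extra}")
```

Point scan_tree at a real wp-content directory to use it on a live site. It only reads files; replacing an outdated copy is left to the plugin's Upgrade Selected Files step, and a clean result from this scan says nothing about whether an earlier compromise left files behind in the cache directory.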
A big problem with backups is that they can carry the same vulnerability, or the attacker's files, straight back onto the site.
Many web hosts keep daily, weekly and monthly backups, but if the site was compromised more than a month ago and you never scanned it, every backup you have was taken after the break-in, and restoring one simply reinstates the hacked site.
If you neither scan your site for the timthumb vulnerability nor keep your own full backups, you may end up like these 4800 websites lost with no chance of recovery.