In the last couple of days I have seen many websites getting hacked because of the TimThumb vulnerability, which we have already discussed in the past. If you run a WordPress blog and are still not aware of the TimThumb hack, you should refer to these two posts:
- WordPress Sites using Timthumb Script are prone to hacking
- How to remove counter-wordpress.com from hacked WordPress blog
Usually a blogger or webmaster will look into the theme folder and replace the script with the updated timthumb script. But chances are that some plugin is also using a timthumb script that you are not aware of. Here is a very useful WordPress security plugin called Timthumb Vulnerability Scanner, which checks your WordPress wp-content directory for timthumb.php files and also shows whether your existing timthumb.php file (
If your timthumb.php file is not safe, it gives you the option to fix it. You don't need to log in over FTP to update the timthumb script; clicking the Fix button automatically replaces the old one with the updated script.
As soon as you click Fix, it updates the file and your screen will show this:
How to use Timthumb Vulnerability scanner plugin?
Go to the official download page, then download and install the plugin. Alternatively, you can install the plugin from your dashboard by searching for Timthumb Vulnerability Scanner. Once the plugin is installed and activated, go to Tools > Timthumb scanner and run the scan. As mentioned above, within seconds you will see the list of all timthumb scripts on your server, and if one is vulnerable you can fix it directly as shown in the image above.
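The plugin's core check is simple enough to reproduce yourself if you cannot install it, for example on a staging copy of wp-content. The script below is an added example, not the plugin's own code: it walks wp-content, finds every file named timthumb.php or thumb.php (the second name is an assumption, since themes often rename the script), reads the VERSION constant TimThumb declares, and flags copies below a minimum version. The minimum version, the file names and the sample tree are all constructed assumptions; check the current TimThumb release before relying on the number.

```python
import os
import re
import tempfile

# File names TimThumb is commonly deployed under (assumption; extend if needed).
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}
# Copies older than this are reported as unpatched. Assumption: the TimThumb 2.0
# rewrite is the fix; verify against the current release before relying on it.
MIN_SAFE_VERSION = (2, 0)
# TimThumb declares its version like: define ('VERSION', '1.32');
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9.]+)['"]""", re.IGNORECASE)


def parse_version(source):
    """Return the VERSION constant of a TimThumb file as a tuple, or None."""
    match = VERSION_RE.search(source)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split(".") if part)


def scan_wp_content(root):
    """Walk wp-content (themes and plugins alike) and classify every TimThumb copy."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if name.lower() not in TIMTHUMB_NAMES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as handle:
                version = parse_version(handle.read())
            if version is None:
                status = "unknown"      # no VERSION define: inspect by hand
            elif version < MIN_SAFE_VERSION:
                status = "vulnerable"   # old script: replace it
            else:
                status = "ok"
            findings.append((os.path.relpath(path, root), version, status))
    return findings


def build_sample_wp_content():
    """Constructed wp-content tree: an old copy in a theme, a patched one in a plugin."""
    root = tempfile.mkdtemp(prefix="wp-content-")
    samples = {
        "themes/oldtheme/timthumb.php": "<?php\ndefine ('VERSION', '1.32');\n",
        "plugins/gallery/lib/thumb.php": "<?php\ndefine ('VERSION', '2.8.10');\n",
        "plugins/gallery/readme.txt": "not a script\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as handle:
            handle.write(body)
    return root
```

Run `scan_wp_content("/path/to/wp-content")` against a real install; the constructed sample tree from `build_sample_wp_content()` reports the theme copy as vulnerable and the plugin copy as ok.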
In my opinion, every WordPress blogger should run this plugin at least once now, as the timthumb hack is taking down many WordPress blogs every day, and once your site is hacked, fixing it won't be easy.
Do let us know if you found any hacked timthumb file using this plugin. And don't forget to share this post on Facebook and Twitter to let your WordPress blogger friends know about this useful plugin and safeguard themselves from hackers.