    How to Fix Vulnerable Timthumb Script in WordPress?

    In the last couple of days I have seen many websites getting hacked due to the timthumb vulnerability, and we have already discussed it in the past. If you are still not aware of the timthumb hack and are running a WordPress blog, you should refer to these 2 posts:

    Usually a blogger/webmaster will look into the theme folder and replace the script with the updated timthumb script. But chances are that some plugin is also using a timthumb script that you are not aware of. Here is a very useful WordPress security plugin called Timthumb Vulnerability Scanner, which checks your WordPress wp-content directory for timthumb.php files and also shows whether your existing timthumb.php file (

    If your timthumb.php file is not safe, it will give you the option to fix it. You don’t need to log in to FTP to update the timthumb script; clicking the Fix button automatically replaces the old one with the updated script.

    [Screenshot: Timthumb scanner results]

    As soon as you click Fix, it will update the file and your screen will show this:

    [Screenshot: timthumb file fixed]

    How to use Timthumb Vulnerability scanner plugin?

    Go to the official download page and download and install the plugin. Alternatively, you can install the plugin from the dashboard by searching for Timthumb Vulnerability Scanner. Once the plugin is installed and activated, go to Tools > Timthumb scanner and run the scan. As mentioned above, within seconds you will see a list of all the timthumb scripts running on your server, and if one is vulnerable you can fix it directly, as shown in the image above.
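    The same check done by hand rather than through the plugin, as an added example (my own Python script, not the plugin's code and not from the original post): it walks a wp-content directory, picks out timthumb.php and thumb.php files, reads the VERSION the script declares, flags copies below an assumed minimum safe version of 2.0, and also reports whether each file is writable, since an in-place fix fails on a read-only file. The define name is taken from the real TimThumb script; the regex, the "timthumb" content marker, the 2.0 threshold and the sample files are assumptions constructed for the demo.

```python
import os
import re
import tempfile
from pathlib import Path

# TimThumb 2.x declares its version as: define ('VERSION', '2.8.14');  the define
# name is the real script's, the regex and markers are this example's own heuristics.
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([\d.]+)['"]\s*\)""")
TIMTHUMB_MARKER = re.compile(r"timthumb", re.IGNORECASE)
CANDIDATE_NAMES = {"timthumb.php", "thumb.php"}  # both file names mentioned on this page

def parse_version(text):
    """Return the declared VERSION as a tuple like (2, 8, 14), or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def scan_wp_content(root, min_safe=(2, 0)):
    """Walk wp-content and report every TimThumb copy, keyed by relative path.
    min_safe=(2, 0) is an assumed threshold; 'writable' predicts whether an
    in-place fix would fail with a 'can't open for writing' style error."""
    root = Path(root)
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in CANDIDATE_NAMES:
                continue
            path = Path(dirpath) / name
            text = path.read_text(errors="replace")
            if not TIMTHUMB_MARKER.search(text):
                continue  # a thumb.php that is not TimThumb at all
            ver = parse_version(text)
            findings[path.relative_to(root).as_posix()] = {
                "version": ver,
                "vulnerable": ver is None or ver < min_safe,  # unknown version: flag it
                "writable": os.access(path, os.W_OK),
            }
    return findings

def run_demo():
    """Build a constructed wp-content tree (sample data, not a real site) and scan it."""
    base = tempfile.mkdtemp()
    samples = {  # constructed file bodies
        "themes/oldtheme/timthumb.php": "<?php\n// TimThumb script\ndefine ('VERSION', '1.33');\n",
        "plugins/gallery/thumb.php": "<?php\n/* TimThumb */\ndefine ('VERSION', '2.8.14');\n",
        "plugins/other/thumb.php": "<?php\n// unrelated thumbnail helper\n",
    }
    for rel, body in samples.items():
        p = Path(base) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
    return scan_wp_content(base)
```

    Point scan_wp_content at a real wp-content path to list every copy, its version and whether the web server account can overwrite it.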

    In my opinion, every WordPress blogger should run this plugin at least once now, as the timthumb hack is taking down many WordPress blogs every day, and once your site is hacked, fixing it won’t be easy.

    Do let us know if you found any hacked timthumb file using this plugin. And don’t forget to share this post on Facebook and Twitter to let your WordPress blogger friends know about this useful plugin and safeguard themselves from hackers.

    Article by

    Harsh has written 1123 articles.

    9 comments

    umashankar

    Thanks Harsh for this article :) My question is, is it necessary to run this Timthumb Vulnerability Scan now and then, or will a single time be enough??

    Vijay

    That’s the beauty of open source.. thanks to the plugin author for the initiative.
    The other easy way to find and update the timthumb file is to log in to your hosting account cPanel and search for a file with the name “timthumb.php”; this will give you all locations of this file. You can visit them one by one to update it. Also make sure to search with the name thumb.php and update it as well.

    Isha Singh

    Thanks for the suggestion Harsh, I fixed mine. Can I uninstall the plugin now?

    Peter

    Thanks for the mention, Harsh! I’m the plugin author, and it’s been great to see people are spreading the word about this plugin – it can save you huge headaches down the road.

    @Isha – You should be fine to uninstall the plugin after running the scan – in fact, it’s a good idea to deactivate/delete any plugins you don’t need at the moment. However – if you install new themes/plugins down the road, it wouldn’t be a bad idea to scan them for issues, just to be sure.

    Jasmine

    Oh, this is a very good plugin to check for timthumb vulnerability. I will download and use this plugin right away!

    Harsh Agrawal

    Jasmine, you should install this plugin for your security, and do let us know if this plugin helped you find any vulnerable timthumb script.

    Munna

    Cool. When I upgraded the vulnerable file, it showed this: “CAN’T OPEN VULNERABLE FILE FOR WRITING”. What to do now?

    Tushar

    After fixing the error, can I delete the plugin from my dashboard? Please answer.

    Harsh Agrawal

    @Tushar
    Yes, you can…