In the last couple of days I have seen many websites getting hacked through the timthumb vulnerability, and we have already discussed it in the past. If you are still not aware of the timthumb hack and are running a WordPress blog, you should refer to these 2 posts:
Usually a blogger or webmaster will look into the theme folder and replace the script there with the updated timthumb script. But chances are that some plugin is also using a timthumb script, and you are not aware of it.
Here is a very useful WordPress security plugin called Timthumb Vulnerability Scanner, which checks your WordPress wp-content directory for timthumb.php files and also shows whether your existing timthumb.php file (
If your timthumb.php file is not safe, it will give you the option to fix it. You don't need to log in over FTP to update the timthumb script; clicking the Fix button automatically replaces the old one with the updated script.
As soon as you click Fix, it will update the file and your screen will show this:
How to use the Timthumb Vulnerability Scanner plugin?
Go to the official download page, then download and install the plugin.
Alternatively, you can install the plugin from the dashboard by searching for Timthumb Vulnerability Scanner.
Once the plugin is installed and activated, go to Tools > Timthumb Scanner and run the scan.
As mentioned above, within seconds you will see the list of all timthumb scripts running on your server, and if any of them is vulnerable you can fix it directly, as shown in the image above.
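If you would rather check from the server side, or want to verify what the plugin reports, the following Python script does the same kind of scan by hand. It is an added example, not code from the Timthumb Vulnerability Scanner plugin or from TimThumb itself: it walks a wp-content tree, picks up files named timthumb.php and thumb.php (the rename some themes use; extending that set for your own install is up to you), reads the VERSION constant that TimThumb defines near the top of the file, and flags anything below a threshold. The 2.0 threshold is an assumption matching the 2011 rewrite; set it to whatever the current TimThumb release is. The sample wp-content tree is constructed in a temporary directory so the script runs offline.

```python
"""Hand-rolled timthumb scan for a wp-content tree (added example, not the plugin's code)."""
import os
import re
import tempfile

# TimThumb declares its release in a constant, e.g.:  define ('VERSION', '2.8.10');
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9]+(?:\.[0-9]+)*)['"]\s*\)""")

# File names to inspect. timthumb.php is the stock name; thumb.php is a common
# rename inside themes (assumption: add any other names used on your install).
CANDIDATE_NAMES = {"timthumb.php", "thumb.php"}

# Assumed threshold: the 2011 rewrite that closed the remote-file hole shipped
# as 2.0. Raise this to the current TimThumb release before relying on it.
MIN_SAFE_VERSION = (2, 0)


def parse_version(text):
    """Return the VERSION constant as a tuple of ints, or None if it is absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def scan_wp_content(root, min_safe=MIN_SAFE_VERSION):
    """Walk root and return sorted (relative path, version tuple or None, status)."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in CANDIDATE_NAMES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                version = parse_version(fh.read())
            if version is None:
                status = "unknown"      # no VERSION constant: inspect by hand
            elif version < min_safe:
                status = "vulnerable"   # older than the assumed safe release
            else:
                status = "ok"
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.append((rel, version, status))
    return sorted(findings)


def build_sample_tree():
    """Create a throwaway wp-content tree with constructed TimThumb copies."""
    root = tempfile.mkdtemp(prefix="wp-content-")
    samples = {  # constructed sample files, not real theme or plugin code
        "themes/oldtheme/timthumb.php":
            "<?php\n/* TimThumb script */\ndefine ('VERSION', '1.33');\n",
        "plugins/gallery/includes/thumb.php":
            "<?php\n// renamed copy shipped by a plugin\ndefine('VERSION', \"2.8.10\");\n",
        "themes/mystery/timthumb.php":
            "<?php\n// header stripped, no version constant\n",
        "themes/oldtheme/style.css": "/* not php, must be ignored */\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    # Point scan_wp_content at a real install instead, e.g. /var/www/html/wp-content
    for rel, version, status in scan_wp_content(build_sample_tree()):
        shown = ".".join(map(str, version)) if version else "?"
        print(f"{status:10s} {shown:8s} {rel}")
```

Run it against a live install with `scan_wp_content('/var/www/html/wp-content')`. Unlike the plugin, it only reports; replacing an old copy with the current script is still up to you. A file that carries no VERSION constant is reported as unknown rather than assumed safe, because a stripped or modified header is exactly what you want to look at by hand.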
In my opinion, every WordPress blogger should run this plugin at least once now, as the timthumb hack is taking down many WordPress blogs every day, and once your site is hacked, cleaning it up won't be easy.
Do let us know if you found any vulnerable timthumb file using this plugin. And don't forget to share this post on Facebook and Twitter to let your WordPress blogger friends know about it as well.