Is Your WordPress Blog Hackable?
ContentRobot has been helping bloggers clean up a few hacks in recent weeks. Most of the sites were compromised through the so-called TimThumb vulnerability, which was discovered last year.
What Does TimThumb Do?
Timthumb.php, which is included in many WordPress themes and some plugins, is an on-the-fly image resizing utility. Unfortunately, older versions of the script had a security hole that allowed hackers to upload and execute arbitrary PHP code in the TimThumb cache directory and in other places.
Is Your Blog Still Using an Older TimThumb Script?
Follow these simple instructions to find out, and to fix it if so.
- Take a backup of your blog
- Install the TimThumb Vulnerability Scanner plugin
- Run the scan
- If an old instance of TimThumb is found in any of your installed themes and plugins, just click to upgrade the script
- Bonus Tip: delete any unused themes and plugins for further security
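If you have shell access, the same inventory can be taken by hand. The script below is an added example, not part of the scanner plugin or the original post: it lists every TimThumb copy under a WordPress tree with the version it declares. It assumes the copies are named timthumb.php or thumb.php and carry a `define ('VERSION', ...)` line, and the minimum acceptable version is an argument you supply, since this post does not state one.

```shell
#!/bin/sh
# Added example: inventory TimThumb copies under a WordPress tree.
# Assumed: copies are named timthumb.php or thumb.php and declare their
# version as  define ('VERSION', 'x.y.z');  The minimum version is an
# operator-supplied argument; the page does not give one.

# Print the version declared in file $1, or "unknown" if none is found.
timthumb_version() {
    v=$(sed -n "s/.*define *( *['\"]VERSION['\"] *, *['\"]\([0-9][0-9.]*\)['\"].*/\1/p" "$1" | head -n 1)
    echo "${v:-unknown}"
}

# Succeed when dotted version $1 is lower than $2 (numeric, up to 3 fields).
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Print "STATUS<TAB>VERSION<TAB>PATH" for every TimThumb copy under $1.
# STATUS: OUTDATED (below $2), OK, or CHECK (no version line; inspect by hand).
scan_timthumb() {
    find "$1" -type f \( -iname 'timthumb.php' -o -iname 'thumb.php' \) | sort |
    while IFS= read -r f; do
        # Skip files that share the name but do not mention TimThumb.
        grep -qi 'timthumb' "$f" || continue
        ver=$(timthumb_version "$f")
        if [ "$ver" = unknown ]; then status=CHECK
        elif version_lt "$ver" "$2"; then status=OUTDATED
        else status=OK
        fi
        printf '%s\t%s\t%s\n' "$status" "$ver" "$f"
    done
}

# Usage: sh find-timthumb.sh /path/to/wp-content MIN_VERSION
if [ "$#" -eq 2 ]; then scan_timthumb "$1" "$2"; fi
```

Anything reported as OUTDATED or CHECK is a candidate for the upgrade or removal steps above, including copies inside themes and plugins that are installed but not active.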
Even if you have been lucky enough not to have been affected by this exploit so far, we recommend that you take a few minutes to check your install and shore it up if necessary. Stay safe out there, WordPress bloggers.