9 Comments

  1. Keith Davis

    I was using an Elegant Themes WordPress theme at the time the vulnerability was announced, which used TimThumb #funandgames

    Report

  2. Jonah Brown

    Honestly it isn’t that hard to just use the native WP functions. Also less likely to have these issues.

    Report

    • Jeff Chandler

      I’m willing to bet that’s also a factor in the decision to end development. I feel for Ben though, managing a script that was responsible for so many sites being hacked. That would eat away at me every night. Not sure how I’d cope with it and be able to move on. In many ways, that’s what Ben is doing ending development. This is his way of being able to move on.

      Report

  3. Mehmet (@mhmtozek)

    Its sad to see that Ben is no longer going to maintain the script but he definitely deserves an appreciation for his time that he spent keeping Timthumb up to date for all those years.

    Btw, another alternate to Timthumb could be https://github.com/bfintal/bfi_thumb We used it for couple of projects at Gabfire and it seemed to be working very well.

    Report

  4. Ryan Hellyer

    I have some plugins which have reached this point in their life cycle too. Sometimes it’s best to put things down than to let them keep lingering and causing problems for users, even if there are a few passionate users who still insist on using them.

    Report

  5. Paul B. Taubman, II

    I can’t imagine the pressure that one feels for something like that. He should be commended for his accomplishment and that should be the point that is remembered. It is a shame that there was some vulnerability that was exploited in his code – it could have happened to anyone (heck – it is possible to happen in the core code!)

    Two Thumbs Up (two TimThumbs up!) for Ben!

    Report

    • Ryan Hellyer

      Definitely two thumbs up for Ben. His attitude and response to issues with TimThumb is very commendable and makes me a lot more likely to trust his code in future. It’s the people who don’t take this stuff seriously or learn from it who worry me the most. Making a mistake, realising it, and moving on is much better than the usual response.

      Report

  6. Ajay

    I think, it’s finally an end to timthumb. I loved the script. It was easy to use and had very good support for handling images. I’ve check out BFI_Thumb and it’s a good replacement for timthumb since it uses WordPress images.

    For now, I’ve chosen to just use add_image_size to control the images as the first step in my plugins and allowing users to choose existing images as the first preference.

    http://ajaydsouza.com/archives/2014/09/27/timthumb-free/

    Report

Comments are closed.

%d bloggers like this: