1. How to protect your WordPress site as hackers exploit TimThumb security hole

    […] Via WordPress Tavern I’ve learned that a new plugin allows you to scan your WordPress site for the TimThumb […]


  2. chrismccoy

    Nice one ;)

    I had a client who had a large number of themes which used timthumb; he wanted a faster way to update each one.

    Here is a little shell script that will do it.

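    # Download the current timthumb.php once; continue only if the file arrived and is not empty
    # Each path is handed to sh as "$1" so unusual file names are not parsed as shell code
    wget -q -O ~/newtim.php http://timthumb.googlecode.com/svn/trunk/timthumb.php &&
      [ -s ~/newtim.php ] &&
      find . -name "timthumb.php" -exec sh -c 'echo "patching $1" && cp ~/newtim.php "$1"' _ {} \;
    rm -f ~/newtim.php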


  3. Miroslav Glavic

    Sweet no vulnerabilities found.


  4. Russell

    Thanks, seems my site is okay. Actually thought it was open to attack!!


  5. Kirk M

    Good, I’m clean also. Nice to have another “health” plugin like this one especially for those DIY WordPress powered sites that have some age on them. Too bad we don’t have plugins like this for their owner’s health as well. ;-)


  6. Flick

    I found that the CPanel Filemanager search was a very useful way of finding the files as well.


  7. Around the WordPress Community this Week | CS5 Design

    […] the Timthumb Vulnerability not long ago? WordPress Tavern have stumbled upon A Timthumb Vulnerability Scanner plugin that checks to see if your WordPress is vulnerable. Comments to the post include a simple […]


  8. Mike

    We run a fairly large multisite install and this plugin will allow clients to see each other's timthumb scripts (and fix them!). This may or may not be a big issue, but I can see how it could cause some disruption.

    What we did was install the Restrict Multisite Plugins plugin and this will allow you to restrict the install of the Timthumb Scanner plugin on your parent site only, so then none of your clients will see it.

    Just thought I’d throw that out there for any multisite users.


  9. WordPress Plugin - TimThumb Vulnerability Scanner | FriedGreenKidneyBean

    […] changed the files myself manually on the WordPress websites that I maintain, but I saw a post from WPTavern about a new plugin which took all the trouble out of searching for the files and replacing them. […]

