In this episode of WordPress Weekly, Marcus Couch and I travel to Singapore to interview Lester “GaMerZ” Chan. Chan has 23 different plugins in the plugin directory, amassing an incredible total download count of 12,241,325! This accounts for approximately 1.6% of all plugin downloads from the directory. Chan explains how he handles support for 23…
The once popular image resizing script known as TimThumb is no longer supported according to co-creator, Ben Gillbanks. In 2011, TimThumb made headlines when a major security vulnerability was discovered and used to hack into several websites. The exploit that was found was a bug with the external image resize functionality and the fact it…
Marcus Couch and I were joined by Peter Bui of PB WebDev. Bui who lives in Sydney Australia produces the JoomlaBeat podcast. JoomlaBeat is a weekly podcast produced as a resource for the Joomla community. This episode is a civilized and informational conversation that discusses the similarities and distinct differences between the WordPress and Joomla…
Security vulnerabilities have plagued the TimThumb script for years. It is most commonly used in cropping, zooming and resizing images in WordPress themes. After the large scale attacks launched against the script a few years ago, one might think that theme and plugin developers would be less likely to continue building with it. However, this…
Sucuri Security has a great post that begins to review the aftermath of the massive exploitation of the TimThumb image re sizer script. According to their calculations, about a million pages have been compromised by the script but when filtering down their results for the past thirty days, there were over 200,000 results. The exploitation…
WPBeginner has an excellent tutorial that describes how to use the built in functions of WordPress to generate additional image sizes for use in themes. This is possibly a better alternative than using TimThumb.
Not sure if any of the plugins or themes you have installed within your WP-Content directory contain the outdated version of TimThumb? Good news, there is a simple plugin that not only scans your content directory for the outdated version of the script, but also provides a link to quickly upgrade to the newer version.…
Previous to WordPress having post thumbnails built in, there was a script called TimThumb. I know quite a few themes that integrated TimThumb in order to automatically generate post thumbnails instead of relying on the old method of using a custom field. Ben Gillbanks has chronicled the short history of TimThumb. Development was started by…