Please note: timthumb.php is NOT a virus or malware. It’s a useful file, used by many WordPress themes to handle image sizing. It’s necessary and you shouldn’t delete it (unless you know what you are doing).
If you are a developer, you can find the most recently updated timthumb.php file here. For more details see the links below…
This week a vulnerability was discovered in a file named timthumb.php that could leave your WordPress site open to zero-day attacks.
If you are new to WordPress… you probably have no idea what we just wrote. :)
This video is made to explain what a zero-day attack is and how the timthumb.php file fits in. We didn’t get into too many details (on purpose). Check out the links below the video for those…
(Watch WordPress Zero Day Vulnerability and timthumb.php on YouTube)
Questions you might be asking about timthumb.php:
- Does my theme use this file? How do I check?
- How do I know if I’ve been hacked already?
- How do I fix this?
For those answers we’ll direct you to people far smarter… :)
The man (and blog) who discovered it (he’s our new hero):
Zero Day Vulnerability in Many WordPress Themes
The Basic Story from PC World:
Zero-day Vulnerability Found in a WordPress Image Utility
Great advice on what to do next:
Timthumb.php Security Vulnerability – Just the Tip of the Iceberg
As always, if you make any changes to your WP Site… BACKUP FIRST.
Please share this post with anyone you know who uses WordPress. We need to make sure people know about this.