TimThumb.php – Security Vulnerability

We have been following the updates on the security vulnerability of TimThumb – an image resizing script used by many themes. To ensure all of our client sites are protected, we highly recommend doing one of the following:

Method 1: Update Theme

Download the latest version of the theme using the same download link sent to you upon purchase. All of our latest themes have a secure version of the script.

Method 2: Replace timthumb script via FTP

Delete your current timthumb.php file and replace it with the latest version of timthumb in your theme folder via FTP. Upon doing so, we also recommend this additional change:

Edit the $allowedsites variable and remove all sites referenced – it should look like this after the edit:

// external domains that are allowed to be displayed on your website
$allowedSites = array();

Method 3: Update timthumb via WP Editor

Follow these steps to update your existing timthumb file:

  • Login to your WP site. Go to Appearance => Editor.
  • Open timthumb.php and delete all of its contents.
  • Copy/Paste the contents of the latest version of timthumb. Perform the additional recommendation shown above in method 2.
  • Click Update File (save).

If you have any questions, please let us know on the support forums and we’ll get you sorted.

9 Responses to "TimThumb.php – Security Vulnerability"

Leave a Reply

Your email address will not be published.