There’s been lots of press about WordPress sites being compromised because of the “TimThumb vulnerability.” What’s this about and what do you need to do?
TimThumb is a popular script that is used by many WordPress themes and plug-ins to manipulate image files. Unfortunately the TimThumb developers left open a doorway through which hackers can insert code into WordPress template files. This code adds links to Russian sites and inserts malware to try to infect the computers of anyone who visits the infected site. Google has begun listing infected sites as malware and blocking them.
If you have a WordPress site, how do you know if it has been infected or is vulnerable to attack?
- First use Sucuri to scan your website for malware. Sucuri checks 10-12 links on each site. This is sufficient if all your site pages and posts use the same template files, but if your site uses multiple templates (e.g., blog, page, home page, single-column, multi-column), make sure you scan at least one example of each template. If the scanner finds problems, follow the suggestions there.
- Site clean? Great — no malware has been installed. But your site may still be vulnerable to attack. The good news is that many theme and plugin developers have already updated their code. Update your theme and plugins to the latest version.
- Some plugins, such as the popular Verve Meta Boxes, are no longer actively supported and have not been updated. To be sure you get all copies of TimThumb updated, search the files in your plugins and themes directories for “timthumb.php.” If you find a copy that has not been updated as part of a plugin or theme update, you can replace it with a new version. Download the latest TimThumb file from http://code.google.com/p/timthumb/.
- Some developers have changed the name of the TimThumb file from “timthumb.php” to “thumb.php.” We recommend searching for both names, and updating all the files.
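The search-and-compare step above can be scripted. The following audit script is an added example, not code from the original post or from the TimThumb project: it assumes the standard wp-content/plugins and wp-content/themes layout under a WordPress root, looks for both file names mentioned above, and reports every copy that differs byte-for-byte from a freshly downloaded reference timthumb.php, since those are the copies a plugin or theme update did not replace.

```shell
#!/bin/sh
# Added example (not part of the original post): find every TimThumb copy under a
# WordPress install and report the ones that differ from a known-good reference file.
# Assumes the usual wp-content/plugins and wp-content/themes directory layout.

# Print the path of every file named timthumb.php or thumb.php under the
# plugins and themes directories of the given WordPress root.
find_timthumb_copies() {
    root="$1"
    find "$root/wp-content/plugins" "$root/wp-content/themes" \
        -type f \( -name 'timthumb.php' -o -name 'thumb.php' \) 2>/dev/null
}

# Number of TimThumb copies found (printed on stdout).
count_timthumb_copies() {
    find_timthumb_copies "$1" | wc -l | tr -d ' '
}

# List copies whose content differs byte-for-byte from the reference file
# (the latest timthumb.php downloaded from the project site). These are the
# copies that still need to be replaced by hand.
stale_timthumb_copies() {
    root="$1"
    ref="$2"
    find_timthumb_copies "$root" | while IFS= read -r f; do
        if ! cmp -s "$f" "$ref"; then
            printf '%s\n' "$f"
        fi
    done
}

# Number of copies that differ from the reference (printed on stdout).
count_stale_copies() {
    stale_timthumb_copies "$1" "$2" | wc -l | tr -d ' '
}

# Usage: sh timthumb_audit.sh /path/to/wordpress /path/to/downloaded/timthumb.php
if [ "$#" -eq 2 ]; then
    echo "TimThumb copies found under $1:"
    find_timthumb_copies "$1"
    echo "Copies that differ from the reference (replace these):"
    stale_timthumb_copies "$1" "$2"
fi
```

Run it with the site root and the downloaded reference file as its two arguments. A copy that matches the reference is already current; any path listed in the second section should be replaced with the downloaded file (or the whole plugin or theme updated), and a site whose copies all match but that still has an outdated plugin should be rescanned after the next update.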
For more information on TimThumb and how to protect your site:
- Zero Day Vulnerability in many WordPress Themes by Mark Maunder – details about how the vulnerability works and what can be done about it.
- Breaking: Google starts to block hacked WordPress blogs as attack widens also by Mark Maunder – details about how and why Google is blocking infected sites.
- WordPress Codex: Hardening WordPress – good practices for protecting your WordPress site from hackers.
Note that this vulnerability is not unique to WordPress. Some Joomla and Drupal themes and plugins also use TimThumb, and all the warnings apply to them as well.