February 6

How to Get rid of TimThumb Hack From WordPress Website

WordPress Security


This post was originally published on this site

Developers who’ve been mixed up in WordPress community for quite some time must have heard about the TimThumb. It’s a PHP script that resizes thumbnail images you could display on your own site.

TimThumb was massively popular so much in order that several themes had it bundled making use of their offering. Nonetheless it exhibited a vulnerability that allowed for an incredible number of WordPress sites to obtain hacked. Right now, we see hacks due to it.

If you’re wondering whether your website is suffering from TimThumb vulnerability you’ll be able to scan your website to learn. In this specific article, we’ll show how exactly to scan your site and clean it if your website is hacked.


If you think your website has already been compromised and you desire to clean it immediately, then install our WordPress malware removal plugin. It’ll clean your site and take methods to make sure that your site has been protected from future hack attempts.

What is really a TimThumb Exploit?

TimThumb is really a PHP script that lets users import images from image-hosting websites (like flickr.com and imgur.com) and edit them on the fly, especially to create thumbnails.

TimThumb had a summary of trusted websites and only those images from those websites were retrieved. However, unknown to the developers there is a significant vulnerability in this technique. WordPress TimThumb only checked if the image URL matches with those websites. It didn’t verify if the image files actually originated from those locations.

For instance, ‘imgur.com’ is really a whitelisted website however the vulnerability may fool one to retrieve files from poor sites like ‘imgur.com.badsite.com.’

The poor sites can upload malicious files into your site that will enable hackers to gain access to your website. That’s exactly how TimThumb hack compromises your site.

timthumb instance

Although this security issue was set, TimThumb nevertheless experienced security exploits through the years. Ultimately, the programmers of the TimThumb script abandoned it. Most designs using the script launched a fix in order that their software can work without TimThumb.

There are many themes that may be using TimThumb for resizing images. If your style continues to be using TimThumb in that case your website is in peril. We’d strongly recommend you scan your site immediately to discover if your site is compromised.

If the themes installed on your own website still use TimThumb that leads to your internet site being compromised, we claim that you clean your site immediately. But in the event that you don’t understand whether your themes make use of TimThumb after that we suggest, you scan your site immediately.

To learn if TimThumb vulnerability offers left your site at risk, you should run a whole malware scan.
Click To Tweet


How to Scan & Eliminate TimThumb WordPress Hack

You can scan your website for a TimThumb hack manually or even with a plugin. We suggest avoiding the manual method because it’s time-consuming and small errors that result in big disasters such as broken websites. Nevertheless, if you’d nevertheless prefer to know the procedure then you can study our extensive guideline on How to completely clean a Hacked Site?

We strongly recommend utilizing a WordPress security plugin to completely clean the hack and take away the TimThumb vulnerability.

But we realize that picking a great plugin is difficult considering that there are therefore many choices available.

Worry not! We’ve the ideal plugin for you personally – the MalCare Safety Plugin. We suggest it to remove any type of hack which includes TimThumb. Right here’s exactly why:

    • MalCare includes a scanner created to scan your complete website. Which includes documents and databases. Even though many plugins only consider areas where malware is normally found, MalCare will go beyond that. It appears into every nook and part of your site and that’s just how it detects malware that other plugins neglect to find.
    • The plugin hunts down every sort of malware, the known ones and also the unidentified ones. It checks the habits of the program code to get malicious codes and flag them as malware. This decreases the probability of false positives.
    • Delay in cleanups could cause Google blacklisting and web host suspension. Considering that period is usually of the essence whenever a internet site is hacked, MalCare allows you to clean your site under several minutes.

At this point that we’ve noticed the highlights of MalCare Security Plugin, we are able to begin to thoroughly clean your website. Right now, let’s thoroughly clean your site with the plugin.

Get rid of WordPress TimThumb Hack With MalCare Security Plugin

1. Install the plugin into your site and after that add your site to the MalCare dashboard.

2. MalCare begins scanning your website instantly. It’ll demonstrate how many malicious data files and tables were discovered.

3. To eliminate the malware, go through the Auto-Clean key. It’ll have a short while for MalCare to completely clean your website.

malcare auto thoroughly clean

That’s it, folks. Your site is currently clean.

TimThumb hacks are caused because of vulnerability. Take away the vulnerability to guarantee the isn’t compromised once again
Click To Tweet


Write-up Malware Removal Measure

MalCare will clean your website and get rid of every trace of malware. Nevertheless, you still need to repair TimThumb vulnerability. This can ensure your web site isn’t compromised again.

We’ll demonstrate how to take away the vulnerability.

TimThumb vulnerabilities can be found inside a plugin or concept. It’s an extremely popular safety vulnerability hence any responsible plugin or even theme developer could have released a patch to eliminate the vulnerability from the program. You can carry out the patch by updating the style or plugin.

Log into your WordPress site and execute just about all pending improvements (including inactive and custom made themes and plugins).

Then we recommend following implementing hardening measures to safeguard your site from future hack attempts. To assist you, we wrote a step-by-step guide on how to take website hardening measures.

TimThumb Alternatives?

TimThumb enabled websites to automatically resize images in line with the device used. But without TimThumb, how will you get this feature on your own site?

Lucky for all of us, WordPress does this automatically. Image resizing is currently a native WordPress feature.

When you upload a graphic, it resizes itself and serves the right image size based on the device. Moreover, once you upload a featured image for a post or perhaps a page, it auto-generates a thumbnail size. The thumbnail is everything you see when you go to the Blog page (see image below) of any website.

Take, for example, our MalCare’s Blog page where you are able to start to see the thumbnails of recently published blogs.

malcare blog site

Hence, you don’t have to come across an alternative solution to TimThumb.


Final Thoughts

The TimThumb hack provides affected an incredible number of sites and continues to cause havoc to the website nonetheless. The TimThumb hack is merely one of the numerous hack tries made on your own website every day. To combat hack attacks, we recommend having the security plugin such as MalCare dynamic on your own site.

MalCare is easy to create and it scans your site automatically every day. It includes a firewall to prevent malicious traffics and protects your login web page from brute force attacks.

Make use of
MalCare Security Plugin to safeguard YOUR SITE 24 x 7


The post How to eliminate TimThumb Hack From WordPress Site appeared first upon MalCare.

About the author 

WP Maintain Support Protect

You may also like

Who Attacked SolarWinds and just why WordPress Users Have to know

Who Attacked SolarWinds and just why WordPress Users Have to know

SolarWinds and offer Chain Attacks: Could this happen to WordPress?

SolarWinds and offer Chain Attacks: Could this happen to WordPress?

WordPress Hardening: 18 Methods to Harden Security of one’s Website

WordPress Hardening: 18 Methods to Harden Security of one’s Website
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Subscribe to our newsletter now!