If you have been hiding underneath a rock for the past couple of months, you'll no doubt have no idea why you would need such a plugin, so just search for “timthumb vulnerability” and you'll get a bunch of websites discussing it. Essentially, somebody has found an exploit within the code that allows malicious hackers to get access to your server and do a bunch of bad stuff that you probably won't want happening, so…
So back to the Plugin – “TimThumb Vulnerability Scanner”
The plugin tagline is: “Find all those pesky timthumb.php scripts with vulnerabilities BEFORE you get hacked! Scans your wp-content directory for vulnerable instances of timthumb.php, and optionally upgrades them.”
What you get here is a plugin which will scan all of your files for any older versions of the TimThumb script that could be susceptible to exploitation. If the plugin finds them, it can automatically update the TimThumb script for you.
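The kind of check described above, as an added Python example (not the plugin's own code): it walks a directory tree, finds `timthumb.php` and renamed copies, and classifies each by its declared version. The `define('VERSION', ...)` pattern, the content match for renamed copies, the sample files and the `(2, 0, 0)` threshold are assumptions; take the real minimum safe version from the TimThumb project.

```python
import re
import tempfile
from pathlib import Path

# Assumption: the script declares its version as define('VERSION', 'x.y.z').
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"](\d+(?:\.\d+)*)['\"]")

def parse_version(text):
    """Return the declared version as a 3-part tuple, or None if absent."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def scan(root, min_safe):
    """Return sorted (relative path, version, status) for each copy found."""
    findings = []
    for path in Path(root).rglob("*.php"):
        try:
            text = path.read_text(encoding="utf-8", errors="replace")
        except OSError:
            continue  # unreadable entry: skip it rather than abort the scan
        version = parse_version(text)
        named = path.name.lower() == "timthumb.php"
        # Assumption: a renamed copy still mentions "timthumb" and has a version.
        renamed = "timthumb" in text.lower() and version is not None
        if not (named or renamed):
            continue
        if version is None:
            status = "unknown"  # right name, no version line: review by hand
        else:
            status = "outdated" if version < min_safe else "ok"
        findings.append((path.relative_to(root).as_posix(), version, status))
    return sorted(findings)

def demo():
    """Build a constructed wp-content tree in a temp dir and scan it."""
    samples = {
        "themes/old/timthumb.php": "<?php define ('VERSION', '1.2');",
        "themes/new/thumb.php": "<?php /* TimThumb */ define('VERSION', '3.4.5');",
        "themes/new/functions.php": "<?php $u = 'timthumb.php?src=a.png';",
        "plugins/x/timthumb.php": "<?php // header stripped",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return scan(root, min_safe=(2, 0, 0))  # placeholder threshold
```

A copy reported as `unknown` has the expected file name but no readable version line, so it needs a manual look rather than being treated as safe.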
I changed the files myself manually on the WordPress websites that I maintain, but I saw a post from WPTavern about a new plugin which took all the trouble out of searching for the files and replacing them. Just to be on the safe side, I gave it a quick go myself and got the all clear.
The plugin is especially useful for those who have a few older themes installed on their servers that they never got around to removing or updating.
You can download the Plugin through your WordPress site or at WordPress.org.