I have recently been alerted to yet another way for hackers to get into a WordPress website and cause havoc, so I wanted to take the opportunity to let you know about it and how to protect your WordPress site from being vulnerable. It involves the popular image resizing script called TimThumb.
TimThumb is an image resizing script used in many WordPress plugins and themes, including Thesis and many others. The reported vulnerability allows third parties to upload and run malicious PHP files in the TimThumb directory. Once the code is uploaded and executed, the site is compromised. This in turn puts you at risk of being blacklisted by Google and other search engines, and getting the scripts removed and your site restored is not an easy task.
Here are a few steps you can follow to help protect yourself:
1. Get rid of any old themes and plugins that you are not using. Even if they are inactive, any that contain the timthumb.php file leave you potentially at risk.
2. Schedule regular backups of your site using a plugin like WP DB Backup. This particular plugin backs up your database at the interval you select and sends the backup to your email. You can choose monthly, weekly, daily or even hourly backups.
3. Install and activate the TimThumb Vulnerability Scanner plugin recently released by Peter of CodeGarage. This plugin scans your entire wp-content directory for outdated, insecure versions of the TimThumb script and provides a way to upgrade them automatically with one click.
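As an added example (not code from this post or from the CodeGarage plugin), here is a small Python scanner that does the check step 3 describes: it walks a wp-content tree, finds every copy of TimThumb, including copies renamed to something like thumb.php, reads the version constant and flags any copy below a threshold you supply. It assumes TimThumb declares its version as define ('VERSION', '...'); the threshold and the sample files in demo() are constructed for the demonstration.

```python
"""Added example: find TimThumb copies under wp-content and flag outdated ones."""
import os
import re
import tempfile

# Assumed declaration format near the top of timthumb.php: define ('VERSION', '2.8.10');
VERSION_RE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9][0-9.]*)['"]\s*\)""")


def parse_version(text):
    """'2.8.10' -> (2, 8, 10) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in text.split(".") if p)


def timthumb_version(source):
    """Version string declared in a TimThumb source file, or None if absent."""
    m = VERSION_RE.search(source)
    return m.group(1) if m else None


def scan(root, min_safe):
    """Return [(path, version, outdated)] for every PHP file under root that
    looks like TimThumb (by file name or by a 'timthumb' marker in its body).
    A copy with no readable version is reported as outdated: unknown is unsafe."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                source = fh.read()
            if "timthumb" not in name.lower() and "timthumb" not in source.lower():
                continue  # ordinary PHP file, not TimThumb
            ver = timthumb_version(source)
            outdated = ver is None or parse_version(ver) < parse_version(min_safe)
            findings.append((path, ver, outdated))
    return findings


def demo():
    """Constructed sample tree: an old inactive theme shipping TimThumb 1.33, a
    plugin with a renamed newer copy, a copy with no version, and an unrelated file."""
    samples = {
        "themes/old-theme/timthumb.php": "<?php\n/* TimThumb */\ndefine ('VERSION', '1.33');\n",
        "plugins/gallery/thumb.php": "<?php\n// TimThumb, renamed\ndefine ('VERSION', '2.8.10');\n",
        "plugins/slider/timthumb.php": "<?php\n// stripped copy, no VERSION constant\n",
        "plugins/gallery/gallery.php": "<?php\necho 'hello';\n",
    }
    root = tempfile.mkdtemp()
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    # Assumed threshold for the demo; take the real patched version from TimThumb's release notes.
    return {os.path.relpath(p, root).replace(os.sep, "/"): (v, bad) for p, v, bad in scan(root, "2.0")}
```

Point scan() at your real wp-content directory and the version you consider patched; every entry flagged outdated is a file to upgrade or, if its theme or plugin is unused, delete outright (step 1).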
These steps are vital to protecting your site from falling victim to the new wave of hackers hunting for holes in code. If you have any questions or would like us to help you back up, update and install plugins to keep your site safe, please Contact Us today! We offer a couple of different WordPress Maintenance packages, which also include checking for any TimThumb vulnerabilities.