
Update Timthumb.php File in WordPress Theme Vulnerable to Hackers

by Aky Joe

I am wondering why there is still no update from DIY Themes with a new version of the Thesis Theme, because the TimThumb file it ships is leaving Thesis-based sites open to attack. Certain versions of the TimThumb script have been reported to contain a security hole (see http://code.google.com/p/timthumb/issues/detail?id=212), and Thesis uses timthumb.php to resize images. The reported flaw let an attacker abuse the script's remote-image fetching to get a file of their choosing written into the web-accessible cache directory, which is why it was being exploited in the wild. I have no clue when a new Thesis version will arrive, so to be on the safe side, why don't we just update the TimThumb file manually? 😉



The same vulnerability may exist in your WordPress theme, whether it is Thesis or any other theme or plugin that bundles the script. If you followed my article How to auto generate thumbnail in Thesis Theme without Plugin, I strongly recommend that you update the timthumb.php file before a hacker ruins your morning or gives you sleepless nights.

In this article, you will learn how to update the TimThumb file in a WordPress theme.

Step 1: Get the Latest Timthumb.php for WordPress

Given the security flaws in timthumb.php, the first step is to get the latest version of the file. You can download the timthumb.php source code from the TimThumb project page linked above. Alternatively, copy the entire source code of the new version and paste it over the contents of your existing timthumb.php file. Then move on to the next step, which is finding where the file lives.

Step 2: How to find the Timthumb file location?

As mentioned above, timthumb.php is a script that theme and plugin developers use to resize post images and slider images, so it is found inside the theme or plugin directory that uses it. Depending on the developer, the file may be named either thumb.php or timthumb.php, so search for both names.

For Thesis users, the TimThumb file in the Thesis theme is located at wp-content/themes/thesis_18/lib/scripts/thumb.php

Step 3: Why wait? Replace the timthumb file ASAP!

Once you know the location of the timthumb.php file, replace it with the newer version without any further delay and upload it to the server using FTP. Keep the file name the theme expects (thumb.php for Thesis), otherwise the theme's image calls will break. Once done, take a breather and relax! What next?

Did you check other web directories?

Analyse all web directories

Well, I just told you to relax, but we are not done yet. Make sure that you have not skipped any inactive theme directories or plugins, because this vulnerability applies to every copy of the timthumb file: the script is requested directly by URL, so any copy under your web root can be hit whether or not the theme is active or the server ever executed it for your own pages. I recommend that you delete all inactive themes and update the ones you keep to their latest versions.
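The three steps above (find every copy, read its version, replace the old ones) are easy to get wrong by hand on a site with several themes and plugins. The shell script below is an added example written for this article, not code from the original post or from the TimThumb project: it walks a WordPress tree, picks out every PHP file that identifies itself as TimThumb, reads the version from its define ('VERSION', 'x.y'); line and flags copies below a minimum version. It assumes that header and define format; a copy whose version cannot be read is reported as outdated rather than ignored. The sample tree it runs against is constructed inline for illustration, and the minimum version 1.33 is a placeholder: use the version number of the file you downloaded in Step 1.

```shell
#!/bin/sh
# Added example (not from the original post): find every copy of TimThumb under a
# WordPress install, read its VERSION define, and flag copies older than a minimum.
# Assumptions: the script mentions "TimThumb" in its header comment and declares its
# version as   define ('VERSION', 'x.y');   as the real file does.

# Print "path<TAB>version" for each PHP file under $1 that looks like TimThumb.
# Version is "unknown" when no VERSION define is found (a modified or renamed copy).
find_timthumb() {
  find "$1" -type f -name '*.php' -print | while IFS= read -r f; do
    if grep -qi 'timthumb' "$f"; then
      ver=$(sed -n "s/^[[:space:]]*define[[:space:]]*([[:space:]]*['\"]VERSION['\"][[:space:]]*,[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" "$f" | head -n 1)
      printf '%s\t%s\n' "$f" "${ver:-unknown}"
    fi
  done
}

# Return 0 if dotted version $1 >= $2. Anything non-numeric counts as old, so a
# copy whose version cannot be read is reported rather than silently passed.
version_ge() {
  a=$1; b=$2
  case "$a" in ''|*[!0-9.]*) return 1;; esac
  while [ -n "$a" ] || [ -n "$b" ]; do
    x=${a%%.*}; y=${b%%.*}
    [ -z "$x" ] && x=0
    [ -z "$y" ] && y=0
    [ "$x" -gt "$y" ] && return 0
    [ "$x" -lt "$y" ] && return 1
    case "$a" in *.*) a=${a#*.};; *) a='';; esac
    case "$b" in *.*) b=${b#*.};; *) b='';; esac
  done
  return 0
}

# Print one line per TimThumb copy under $1, marking those below minimum version $2.
report_outdated() {
  find_timthumb "$1" | while IFS="$(printf '\t')" read -r path ver; do
    if version_ge "$ver" "$2"; then
      printf 'OK       %s (%s)\n' "$path" "$ver"
    else
      printf 'OUTDATED %s (%s)\n' "$path" "$ver"
    fi
  done
}

# Number of copies below minimum version $2 under $1.
count_outdated() {
  report_outdated "$1" "$2" | awk '/^OUTDATED/ {n++} END {print n+0}'
}

# Constructed sample tree standing in for a real install: two old copies (one of
# them in an inactive theme), one current copy, and an unrelated theme file.
write_fake_timthumb() {
  {
    echo '<?php'
    echo '/* TimThumb script (constructed sample header, not the real file) */'
    echo "define ('VERSION', '$2');"
  } > "$1"
}

make_sample_tree() {
  d=$(mktemp -d)
  mkdir -p "$d/wp-content/themes/thesis_18/lib/scripts" \
           "$d/wp-content/themes/old-unused-theme" \
           "$d/wp-content/plugins/slider/lib"
  write_fake_timthumb "$d/wp-content/themes/thesis_18/lib/scripts/thumb.php" 1.19
  write_fake_timthumb "$d/wp-content/themes/old-unused-theme/timthumb.php" 1.25
  write_fake_timthumb "$d/wp-content/plugins/slider/lib/timthumb.php" 2.8.14
  echo '<?php /* theme functions, unrelated to the image resizer */' > "$d/wp-content/themes/thesis_18/functions.php"
  echo "$d"
}

# On a real server:  report_outdated /path/to/wordpress/wp-content 1.33
# 1.33 is a placeholder; use the version number of the file you downloaded in Step 1.
sample=$(make_sample_tree)
report_outdated "$sample/wp-content" 1.33
rm -rf "$sample"
```

Run it against the whole wp-content directory, not just the active theme, so inactive themes and plugins are covered; every OUTDATED line is a file to replace or delete, and an "unknown" version means someone edited or renamed the script and it needs a manual look.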

Phew! With this you have saved your valuable asset from being hacked, at least until the next vulnerability turns up. 😛

If you have any query or need further assistance, you can leave your comments below.


Barefoot Cook December 16, 2011 at 6:28 pm

Thanks for helping to announce this important info.


Aky Joe November 26, 2012 at 3:23 am

English Please!



pras March 23, 2013 at 7:54 pm

That's really helpful, dude, thanks a lot.


Mehvish April 13, 2014 at 6:06 pm

Can we still update the theme if we don't have a license for it and have downloaded it for free from a website?


Aky Joe April 16, 2014 at 6:58 am

It's generally not recommended, and it is critically important that you buy a license before publishing it online.

