How to be safe with timthumb.php?


Security tips for WordPress

Recently a serious vulnerability was discovered in a popular image re-sizing tool called "timthumb.php". This security bug can affect WordPress themes and other PHP-driven websites.

Who might be affected?

Anyone with a PHP-driven website which is running timthumb.php.
Many WordPress themes utilize timthumb.php by default.
This is not unique to a single web hosting provider.

What does timthumb.php do?

Many developers use "timthumb.php" to resize images to fit their website. It also allows you to pull images from external sites, which is very cool, but there's a catch: the same feature may allow attackers to upload malicious scripts. In the worst case, this could result in file corruption or even data loss.

So now comes the part where we teach you how to be safe when using TimThumb.php with WordPress:

Step 1.
Make sure to go to the official website and get the latest version of the script (and remember to check that site regularly for updates).

Step 2.
You should also set ALLOW_EXTERNAL to false, then find the $allowedSites array inside the file and remove the domain names to prevent remote file downloading.

Make sure this constant is set to false:

define( 'ALLOW_EXTERNAL', false );

Before:

$allowedSites = array (
'flickr.com',
'picasa.com',
'img.youtube.com',
'upload.wikimedia.org',
);

After:

$allowedSites = array();
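A WordPress install often carries several copies of timthumb.php (one per theme), so it helps to audit all of them at once for the two settings above. The shell script below is an added example, not part of the original post or of TimThumb itself; it assumes each copy is named timthumb.php and uses the single-line define()/array() syntax shown above, and the sample theme files it creates are constructed for the demonstration.

```shell
#!/bin/sh
# Report whether one timthumb.php has ALLOW_EXTERNAL set to false and an
# empty $allowedSites array. Returns 0 if both are hardened, 1 otherwise.
check_timthumb() {
    f="$1"
    status=0
    # define( 'ALLOW_EXTERNAL', false ); -- matched case-insensitively
    if ! grep -Eiq "define[[:space:]]*\([[:space:]]*['\"]ALLOW_EXTERNAL['\"][[:space:]]*,[[:space:]]*false" "$f"; then
        echo "$f: ALLOW_EXTERNAL is not set to false"
        status=1
    fi
    # $allowedSites = array(); -- any listed host means remote fetching is still possible
    if ! grep -Eiq '\$allowedSites[[:space:]]*=[[:space:]]*array[[:space:]]*\([[:space:]]*\)' "$f"; then
        echo "$f: \$allowedSites still lists remote hosts"
        status=1
    fi
    return $status
}

# Walk a directory such as wp-content/themes and check every copy found.
audit_wordpress() {
    overall=0
    for f in $(find "$1" -type f -name 'timthumb.php'); do
        check_timthumb "$f" || overall=1
    done
    return $overall
}

# Constructed sample themes so the script runs offline: one hardened, one not.
tmp=$(mktemp -d)
mkdir -p "$tmp/theme-a" "$tmp/theme-b"
cat > "$tmp/theme-a/timthumb.php" <<'EOF'
<?php
define( 'ALLOW_EXTERNAL', false );
$allowedSites = array();
EOF
cat > "$tmp/theme-b/timthumb.php" <<'EOF'
<?php
define( 'ALLOW_EXTERNAL', true );
$allowedSites = array (
'flickr.com',
'img.youtube.com',
);
EOF
audit_wordpress "$tmp" && echo "all copies hardened" || echo "action needed"
rm -rf "$tmp"
```

Run it against wp-content/themes after every theme update, since an update can silently restore the shipped $allowedSites list.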

Have a safe blogging experience.
