The recent TimThumb.php vulnerability has left scores of unsuspecting bloggers hacked. It is the perfect combination: not easy to fix for the technically disinclined, and easy to find and exploit for the malicious, which has resulted in a disastrous number of compromised sites. The script is bundled inside many themes and plugins, so most site owners never installed it knowingly and have no idea it is there.
TimThumb is a simple, flexible PHP script that resizes images. You pass it a source image and a set of size parameters in the URL, and it returns a thumbnail that you can display on your site.
1. Download the latest version of timthumb.php from the TimThumb project.
2. Use FTP (or SFTP if your host offers it) to access your web server (we are using FileZilla).
3. Navigate to the file. It normally lives inside a theme or plugin folder under wp-content, and a site can have more than one copy, so check every theme and plugin you have installed, not just the active one.
4. Delete the old file (it is usually named timthumb.php, but sometimes you will see thumb.php).
5. Upload the new version of timthumb.php. If the original file was called thumb.php, rename the new file to thumb.php so the theme's existing links keep working.
You could also use the TimThumb Vulnerability Scanner plugin.
The TimThumb Vulnerability Scanner plugin scans your entire wp-content directory for instances of any outdated and insecure version of the TimThumb script and gives you the option to upgrade them all with a single click. Doing so protects you from attackers looking to exploit this particular vulnerability. Whichever route you take, re-check after installing or updating a theme or plugin, since a new download can quietly bring an old copy of the script back.