There seem to have been more and more incidents recently, judging by what the BlackHatters have been hearing, of people's WordPress blogs and sites being hacked. It's a real shame, as WordPress is a really good system (in our humble opinion), but it has too many holes in it, and a good number of them come from the helper scripts that third-party themes bundle in, as the case below shows.

We recently received the following correspondence...

Hello,

You are receiving this email because you are a member of ElegantThemes.com. In the past, our themes have used a popular image re-sizing script called Timthumb (http://www.binarymoon.co.uk/projects/timthumb/). The script is used by millions of sites and is quite popular in the WordPress theming community. That being said, it was noted yesterday that a vulnerability exists within certain versions of the script (http://code.google.com/p/timthumb/issues/detail?id!2), and therefore this vulnerability may also exist in your theme (depending on when you last updated it). While the author has provided a fix, it is highly recommended that you update all of your ElegantThemes themes to their latest versions. The latest versions of our themes no longer utilize the timthumb script and therefore are not subject to this security hole.

Regardless of when you last updated your theme, I would strongly suggest that everyone update their themes to the latest version and ensure that the timthumb.php file and your /cache folder have been removed. To update your theme and remove these files, simply delete your current theme via the Appearances > Themes section of the WordPress Dashboard. Then you can re-download the theme from the members area and re-upload it normally:

https://www.elegantthemes.com/members-area/documentation.html#installdashboard

The latest theme versions require that your thumbnail images be hosted on the same domain name where WordPress has been installed. If you were previously using timthumb.php to allow external image sources by editing the file's $allowedSites array, then these thumbnails will no longer function.

So for those of you out there running WordPress based sites, it would be worth checking whether your theme ships timthumb.php (some themes carry the same script under another name, such as thumb.php) and moving away from it, either by updating to a theme version that has dropped it or by looking for a new theme. The hole is an easy way in for hackers: the vulnerable versions of the script would fetch an "image" from a remote site and write it into the /cache folder, and if what came back was really PHP rather than a picture, the attacker ends up running code on your server. From there they can plant whatever they like, which usually means redoing your entire site from scratch...a particular pain if you haven't backed it up recently! Also note the catch in the email above: if you edited $allowedSites to pull thumbnails from another domain, those thumbnails will stop working once the script is gone, so move them onto your own domain first.

Brought to you by Black Hat PPC.


  1. Justin Dupre says:

    Thanks for the heads up on this.