Could My WordPress Site be Hacked via TimThumb?

TimThumb is a wonderful idea.

TimThumb is a script that allows your site to grab an image and resize or reshape it automatically. TimThumb will cache that new version of the image so that it can quickly be served to new visitors.

This is such a useful idea that thousands of WordPress themes have included TimThumb.

However, in both 2011 and 2014, security holes were found in TimThumb that were so severe that hackers could do anything to your server.

If you’re using a Theme downloaded from you have nothing to worry about, since those themes are not allowed to include TimThumb. However, many commercial themes continue to include TimThumb.

In this video, Topher shows you how to find out if your site is vulnerable to being hacked via TimThumb:
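
For a check you can run directly on the server, here is an added example (not from the original article or the video): a shell script that finds TimThumb copies under a WordPress directory, including renamed ones, and compares each version with a minimum you supply. It assumes a copy contains the string "timthumb" and declares its version as `define ('VERSION', 'x.y.z')`; `MIN_VERSION` is a placeholder for the fixed release named in the advisory you are checking against.

```shell
#!/bin/sh
# Added example (not from the original article): find TimThumb copies under a
# WordPress directory and compare their version with a minimum you supply.
# Assumptions: copies may be renamed (e.g. thumb.php), so files are matched on
# content; TimThumb declares its version as define ('VERSION', 'x.y.z').

TAB=$(printf '\t')

# Print "version<TAB>path" for each PHP file that looks like a TimThumb copy.
scan_timthumb() {
  { grep -rliI --include='*.php' 'timthumb' "$1" 2>/dev/null || true; } | sort |
  while IFS= read -r f; do
    v=$(sed -nE "s/.*define[[:space:]]*\([[:space:]]*['\"]VERSION['\"][[:space:]]*,[[:space:]]*['\"]([0-9][0-9.]*)['\"].*/\1/p" "$f" | head -n 1)
    # Files that only call TimThumb (template code) carry no VERSION define.
    if [ -n "$v" ]; then printf '%s\t%s\n' "$v" "$f"; fi
  done
}

# True when version $1 sorts strictly before version $2 (needs GNU sort -V).
version_lt() {
  [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# audit_timthumb ROOT MIN_VERSION: label each copy OUTDATED or ok.
audit_timthumb() {
  scan_timthumb "$1" | while IFS="$TAB" read -r v f; do
    if version_lt "$v" "$2"; then s=OUTDATED; else s=ok; fi
    printf '%s\t%s\t%s\n' "$s" "$v" "$f"
  done
}

# Usage: sh find-timthumb.sh /path/to/wp-content MIN_VERSION
# MIN_VERSION is a placeholder: take the fixed release from the TimThumb advisory.
if [ "$#" -ge 2 ]; then audit_timthumb "$1" "$2"; fi
```

Any copy reported as OUTDATED should be updated or removed along with the theme or plugin that ships it; a copy with no readable version line is not listed, so review files named `timthumb.php` or `thumb.php` by hand as well.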


  • Steve Burge

    Steve is the founder of OSTraining. Originally from the UK, he now lives in Sarasota in the USA. Steve's work straddles the line between teaching and web development.
