How to Protect Your WordPress Site as Hackers Exploit TimThumb Security Hole
Hassan Akhtar   – September 5, 2011
26 Comments

How to Protect Your WordPress Site as Hackers Exploit TimThumb Security Hole

A month ago we told you about a serious security whole in popular image manipulation script, TimThumb.

Used by hundreds of WordPress themes this was a particularly far-reaching exploit that opened up many sites to hackers who could gain entry and do pretty much what they wanted.

Thanks (or should that be “praise be”?) to the quick actions of Mark Maunder and the subsequent collaboration between him and TimThumb’s original author Ben Gillbanks, the hole has been patched up and the latest version of TimThumb is much more secure.

However, themes must then be updated with the new version, or patched accordingly. Otherwise hackers looking for this exploit could get in to your site – and guess what? It’s happening.

This week a WPMU DEV member posted on the forum;

Sigh. I forgot to check one of my sites, and wouldn’t you know it? It’s the one that got hacked. I’m running a site that has TimThumb and it’s been hacked.

Bad times :(

In fact, Mark has a very insightful post showing just what hackers are capable of when they exploit this hole. In short, they can do almost anything with your web site.

FREE EBOOK
Your step-by-step roadmap to a profitable web dev business. From landing more clients to scaling like crazy.

By downloading this ebook I consent to occasionally receive emails from WPMU DEV.
We keep your email 100% private and do not spam.

FREE EBOOK
Plan, build, and launch your next WP site without a hitch. Our checklist makes the process easy and repeatable.

By downloading this ebook I consent to occasionally receive emails from WPMU DEV.
We keep your email 100% private and do not spam.

Protecting yourself

So how do you know you haven’t missed a copy of TimThumb somewhere and shown hackers a wide open door?

Well, since August 14 I’ve received over 1,400 e-mails informing me that hackers were attempting to hack into my site using the TimThumb exploit.

How?

Using the excellent WordPress Firewall plugin. This excellent piece of kit automatically detects attacks and blocks them, sending you an e-mail each time. If the guy quoted above had been using the plugin he never would have been hacked!

In once case, I’ve received over 1,000 of these e-mails on the same day! It was only after I blocked the IP address of the attacker (included in the e-mail) that the attacks ceased.

What are you waiting for? Protect yourself now!

Got any other tips for securing WordPress? Let us know in the comments or contact us!

Update: Via WordPress Tavern I’ve learned that a new plugin allows you to scan your WordPress site for the TimThumb vulnerability.

Tags: