You have probably heard of the TimThumb Zero Day Vulnerability by now and unfortunately (or fortunately) only 2 of my themes (HackerWP and Celebrity Gossip) use the TimThumb script for generating thumbnails. The fix is pretty easy.

1. Go to your theme cache directory (e.g. /wp-content/themes/hackerwp/cache) and delete all files except index.htm
2. Download the latest version of timthumb.php and replace the file on your server at /wp-content/themes/hackerwp/timthumb.php
3. Optional: if you wish to grab image files from all external sites, open timthumb.php and look for

$allowedSites = array (
'flickr.com',
'picasa.com',
'img.youtube.com',
);

and replace with

$allowedSites = array (
'*',
);
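
Step 1 as a shell function, added here as an example (it is not part of the original post or of TimThumb): it empties the cache directory except index.htm and, because a thumbnail cache should hold only generated images, flags any file containing a PHP open tag before it goes. The function name and the optional quarantine directory argument are assumptions of this example.

```shell
# Added example, not from the original post. clean_timthumb_cache and the
# optional quarantine directory are assumed names for this illustration.
# Usage: clean_timthumb_cache CACHE_DIR [QUARANTINE_DIR]
clean_timthumb_cache() {
    cache_dir=$1
    quarantine=${2:-}
    removed=0
    flagged=0
    if [ ! -d "$cache_dir" ]; then
        echo "not a directory: $cache_dir" >&2
        return 2
    fi
    if [ -n "$quarantine" ]; then
        mkdir -p -- "$quarantine" || return 2
    fi
    # Regular files directly inside the cache directory, dotfiles included.
    for f in "$cache_dir"/* "$cache_dir"/.[!.]*; do
        if [ ! -f "$f" ] || [ -L "$f" ]; then
            continue
        fi
        if [ "${f##*/}" = "index.htm" ]; then
            continue            # the post says to keep this file
        fi
        # A thumbnail cache should contain images only; a PHP open tag in a
        # cached file is worth a closer look before the evidence is gone.
        if grep -q -a -i -F '<?php' -- "$f"; then
            flagged=$((flagged + 1))
            echo "contains PHP: $f" >&2
            if [ -n "$quarantine" ]; then
                mv -- "$f" "$quarantine/"   # keep it outside the web root
                continue
            fi
        fi
        rm -f -- "$f"
        removed=$((removed + 1))
    done
    echo "removed=$removed flagged=$flagged"
}
```

Run it against the cache directory of each theme that bundles timthumb.php, then carry on with step 2.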

