Peter Butler releases plugin to scan for, and fix, TimThumb vulnerabilities


Peter Butler, WordPress developer and the mind behind security monitoring service Code Garage, has released a plugin that searches a WordPress install for any vulnerable copy of TimThumb. Butler’s plugin also offers, if you wish (and you should), a one-click option to upgrade each outdated copy of TimThumb it finds.

The TimThumb vulnerability was news over a month ago now, and was called “the security event of the year” by Matt Mullenweg in his State of the Word keynote this year. In other words, you should fix this problem if you still have it.

Butler explained to WPCandy that he developed and released the plugin because he can’t help everyone who has been contacting him about the problem:

I literally don’t have enough time in the day to clean up all the hacked sites people are sending my way over the past couple of weeks, and the vast majority of them have happened because of the TimThumb exploit.

When I tell people why their sites got hacked, many of them have even heard about the vulnerability, but just assumed the risk was small, or decided they couldn’t figure out how to fix it themselves (which is ludicrous, because it’s so easy).

As a result, his TimThumb Vulnerability Scanner plugin is now available in the plugin directory. Butler also recorded a quick screencast for the plugin which you can watch just after the jump.

Have you taken a moment to be sure all of the sites you manage are clear of outdated TimThumb scripts?
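If you would rather check a site from the server shell before (or instead of) installing a plugin, the scan itself is small. The script below is an added example and is not Butler's plugin or any TimThumb code; it walks a WordPress tree, identifies TimThumb by its contents rather than its filename (so a copy renamed to thumb.php is still found), reads the version from the script's VERSION constant, and reports copies below a threshold. The marker strings, the version regex, the MIN_SAFE_VERSION threshold and the sample files it builds in a temporary directory are all assumptions of this example; check the threshold against the current TimThumb release before acting on it. It requires both a TimThumb marker and a VERSION define before flagging a file, which is the kind of check that keeps a plugin that merely calls timthumb.php from being reported as the script itself.

```python
"""Find every copy of TimThumb under a WordPress tree and report its version.
Added example, not Peter Butler's plugin; the markers, regex and threshold
below are assumptions to verify against the TimThumb release you deploy."""
import os
import re
import tempfile
from pathlib import Path

# Assumption: a genuine TimThumb copy names itself somewhere in the file and
# declares its version as define('VERSION', 'x.y').  A file that only
# mentions the script (a theme or plugin calling thumb.php) is not a copy.
NAME_MARKER = re.compile(r"timthumb", re.IGNORECASE)
VERSION_DEFINE = re.compile(
    r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"](\d+(?:\.\d+)*)['"]\s*\)"""
)
# Assumption: copies older than this need replacing.  Confirm against the
# current upstream release before relying on the number.
MIN_SAFE_VERSION = (2, 0)


def parse_version(text):
    """'2.8.10' -> (2, 8, 10) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def classify_source(source):
    """Return {'version': tuple, 'vulnerable': bool} for a TimThumb copy, else None.

    Both conditions are required: a VERSION define without the TimThumb name
    is some other script, and the TimThumb name without a VERSION define is a
    caller or a comment, not the script itself."""
    if not NAME_MARKER.search(source):
        return None
    match = VERSION_DEFINE.search(source)
    if not match:
        return None
    version = parse_version(match.group(1))
    return {"version": version, "vulnerable": version < MIN_SAFE_VERSION}


def scan_tree(root):
    """Map relative path -> classification for every TimThumb copy under root.

    Scanning by content finds renamed copies (thumb.php, timthumb-custom.php)
    and copies bundled inside plugins as well as themes."""
    root = Path(root)
    found = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(".php"):
                continue
            path = Path(dirpath) / name
            try:
                source = path.read_text(encoding="utf-8", errors="replace")
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            result = classify_source(source)
            if result is not None:
                rel = str(path.relative_to(root)).replace(os.sep, "/")
                found[rel] = result
    return found


def vulnerable_paths(found):
    """Only the copies that need an upgrade, sorted for stable output."""
    return sorted(rel for rel, info in found.items() if info["vulnerable"])


# Constructed sample tree (stand-in PHP, not real TimThumb source): one old
# renamed copy, one current copy, one plugin that merely calls the script,
# and one unrelated plugin that happens to define its own VERSION.
SAMPLE_FILES = {
    "wp-content/themes/old-theme/thumb.php":
        "<?php\n/* TimThumb image resizer */\ndefine ('VERSION', '1.33');\n",
    "wp-content/themes/new-theme/timthumb.php":
        "<?php\n/* TimThumb image resizer */\ndefine ('VERSION', '2.8.10');\n",
    "wp-content/plugins/category-icons/category_icons.php":
        "<?php\n// renders icons through timthumb.php in the active theme\n"
        "$url = get_template_directory_uri() . '/timthumb.php?src=' . $src;\n",
    "wp-content/plugins/other/other.php":
        "<?php\ndefine('VERSION', '1.0');\n",
}


def write_sample_site(root):
    """Materialise SAMPLE_FILES under root."""
    for rel, body in SAMPLE_FILES.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body, encoding="utf-8")
    return root


def scan_sample_site():
    """Build the constructed tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_site(tmp)
        return scan_tree(tmp)


if __name__ == "__main__":
    findings = scan_sample_site()
    for rel, info in sorted(findings.items()):
        flag = "UPGRADE" if info["vulnerable"] else "ok"
        print(f"{flag:8} {'.'.join(map(str, info['version'])):8} {rel}")
```

Run it against a real install with `scan_tree("/var/www/example")` instead of the sample tree. It only reports; replacing a flagged file with the current TimThumb release is a separate step, and as the author's own comment below shows, a scanner that also rewrites files needs to be careful that every match really is a copy of the script.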

2 thoughts on “Peter Butler releases plugin to scan for, and fix, TimThumb vulnerabilities”

  1. Thanks for writing about this! I think (hope) it’s going to save people some headache.

    One quick note on the plugin – Version 1.1 is catching at least one plugin file that it shouldn’t be – so if you run the scan, and see that a file from the “Category Icons” plugin needs to be fixed, DON’T fix it. Version 1.2 of the scanner has been submitted to the repository, and should show up as available soon.

    If you run into any other plugins/themes that cause problems when you hit “Fix”, please let me know in the forums.

  2. Any tips on what to do if a site is compromised?
    What to do after the files have been deleted? Change MySQL and FTP password? Anything else?
