Hey guys!
Just wanted to post this to anyone that is currently using TimThumb in your WordPress themes. As the editor writes, “timthumb.php is inherently insecure because it relies on being able to write files into a directory that is accessible by people visiting your website. That’s never a good idea.”
Anyway, take a look if you're using it.
http://markmaunder.com/2011/ze…..ss-themes/
None of my themes use timthumb. I stopped using it as soon as post_thumbnail became available in WP 2.9 about 1.5 years ago.
Timthumb offers more than post_thumbnail in terms of features and flexibility; however, as a result it adds additional complexity. As for the vulnerability found, this is the problem with using third-party plugins in your themes. If you create something yourself, even if it's not as powerful as some plugins, you can be 99.9999% sure it won't be hacked, simply because it doesn't have a chance of being of much interest until it's reaaaaally popular. That's why I always avoid using third-party plugins whenever it's possible.
Agree with weblusive, roll-your-own where you can, at least you can understand and fix your own code.