Vulnerability in your WordPress Themes.

This topic contains 3 replies, has 4 voices, and was last updated by Sweet Themes 8 years, 10 months ago.

  • #1038592

    J.R. Farr
    Key Master

    Hey guys!

    Just wanted to post this to anyone that is currently using TimThumb in your WordPress themes. As the editor writes, “timthumb.php is inherently insecure because it relies on being able to write files into a directory that is accessible by people visiting your website. That’s never a good idea.”

    Anyway, take a look if you're using it.

    http://markmaunder.com/2011/ze…..ss-themes/
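
The risk quoted in the post above (a directory that is both writable and served to visitors) can be checked for across a set of theme packages. The following Python script is an added example, not part of the original thread or of TimThumb itself; the script file names, the `cache`/`temp` directory names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumed names (not from the thread): file names under which themes ship the
# script, and the cache directories it keeps beside itself.
SCRIPT_NAMES = {"timthumb.php", "thumb.php"}
CACHE_DIR_NAMES = {"cache", "temp"}
EXECUTABLE_EXTS = (".php", ".phtml", ".php5")

def audit_theme_tree(root):
    """Return one finding per resizer script found under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in filenames:
            if name.lower() not in SCRIPT_NAMES:
                continue
            finding = {"script": os.path.join(dirpath, name),
                       "writable_dirs": [], "scripts_in_cache": []}
            for d in dirnames:
                if d.lower() not in CACHE_DIR_NAMES:
                    continue
                cache = os.path.join(dirpath, d)
                # Group- or world-writable: accounts other than the owner can create files.
                if os.stat(cache).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                    finding["writable_dirs"].append(cache)
                # A cache should hold images only; server-side scripts are a red flag.
                for sub, _, files in os.walk(cache):
                    finding["scripts_in_cache"] += [
                        os.path.join(sub, f) for f in files
                        if f.lower().endswith(EXECUTABLE_EXTS)]
            findings.append(finding)
    return findings

def build_sample_tree(root):
    """Constructed sample: theme-a bundles the script, theme-b does not."""
    scripts = os.path.join(root, "theme-a", "scripts")
    cache = os.path.join(scripts, "cache")
    os.makedirs(cache)
    os.makedirs(os.path.join(root, "theme-b"))
    os.chmod(cache, 0o777)
    for path in (os.path.join(scripts, "timthumb.php"),
                 os.path.join(cache, "a1b2c3.php"), os.path.join(cache, "a1b2c3.png"),
                 os.path.join(root, "theme-b", "functions.php")):
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for f in audit_theme_tree(tmp):
            print(f)
```

To audit real packages, call `audit_theme_tree()` on the directory that holds the unpacked themes; the permission check reads mode bits only, so a cache directory owned by the web-server account still needs a manual look.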

    #1038602

    weborithm
    Member

    None of my themes use timthumb. I stopped using it as soon as post_thumbnail became available in WP 2.9 about 1.5 years ago.

    #1038622

    Weblusive
    Member

    Timthumb offers more than the post_thumbnail in terms of features and flexibility; however, as a result it adds additional complexity. As for the vulnerability found, this is the problem with using third-party plugins in your themes. If you create something yourself, even if it's not as powerful as some plugins, you can be 99.9999% sure it won't be hacked, simply because it doesn't have a chance of being of much interest until it's reaaaaally popular. That's why I always avoid using third-party plugins whenever possible.

    #1038642

    Sweet Themes
    Member

    Agree with weblusive, roll-your-own where you can, at least you can understand and fix your own code.
