You work hard to build a blog,
You get traffic,
After a few months of marketing and promoting,
You finally make your first dollar online.
Your blog is now a revenue generating asset.
Your blog, just like every asset needs to be maintained to ensure smooth running. You need to secure your wordpress blog from being hacked. You don’t want your prized asset breaking down and affecting your business due to negligence or vulnerabilities.
This morning one of my clients called me and told me that his wp admin was giving an error message. On digging further I figured that the error message had something to do with a php script – there was a hack on his blog. The hacker has injected a script due to vulnerability in timthumb.php script
What is Timthumb.php and how does it impact your blog ?
- The Timthumb.php file is a script commonly used in WordPress’s (and other software’s) themes and plugins to resize images. The exploit allows an attacker to arbitrarily upload and create files and/or folders on your account, which can then be used for a number of malicious tasks, including but not limited to defacement, browser high-jacking and infection, data harvesting and more. After a site has been exploited, it may lead to becoming labeled a “Malicious Website” by Google or other security authorities.
Timthumb.php is used by almost all free wordpress themes and some premium wordpress themes. Due to the vulnerability in the script most of the sites on wordpress are being hacked in recent times. The vulnerability of the timthumb.php script allows the hacker to get access of your wordpress panel and take control over your blog. He can now redirect your blog to his blog or any other site or completely change your home page or deny access to your wp-admin panel.
How can you prevent a Timthumb.php wordpress hack ?
I have two solid suggestions to avoid such hacks and keep your blog secure.
1 ) Avoid Free WordPress Themes:
- Free WordPress themes are not often updated and have no support, without any support your blog is vulnerable to such hacks. I recommend using the Thesis Theme, it has a solid framework and a great support community to help you in case of any issues. Get $477 in bonus with the Thesis Theme.
2 ) Get Hosted with a Top Web Host
- Blog security depends a lot on where you are hosted, avoid web host that are free or allow cheap hosting. There is no free lunch, you’ll pay for it in the long run. I recommend you host your blog or website on Hostgator, they are one of the top web hosts in business and will do their best to service you and ensure that your blog is risk free and secure.
Hostgator does a regular scan of your blog to ensure that vulnerabilities are spotted and cleaned before the damage is done. I would not risk my blog with a cheap web host. Get 25% discount on HostGator (use coupon code webtrafficroi )
If you are not on Thesis or on Hostgator, check with your host and tell them to immediately do a scan of your blog to point out any vulnerability issue.
Any timthumb.php file below version 1.35, but above version 1.09 is considered vulnerable, unless patched. To prevent being compromised, I advise you update all instances of timthumb.php to version 2.0, or patch the existing vulnerable files. Note that patching the files requires more in-depth knowledge of the PHP scripting language.
You can also install the the latest version of Timthumb.php manually from here. It is highly recommended that you update your blog theme, plugins, scripts and all other files to the latest recommended versions to prevent compromise. I also recommend you install the latest version of Timthumb to avoid any compromise of your blog.
Don’t wait for a hack, prevent it.
You can get in touch with me if you need help to install the patch on your blog.