A while back one of my sites was hacked. It was the infamous TimThumb hack, a common vulnerability in outdated versions of WordPress, or more specifically in the TimThumb script that resizes images in WordPress. I was reminded of it when a friend of mine's site was hacked more recently, and sure enough it was the TimThumb vulnerability once more.
Protecting Yourself From the TimThumb Hack
If you've already fallen victim to the hack (if you have, you've likely received messages from people saying they can't access your site, or seen an error when trying to access it yourself), then the best thing you can do is reinstall the latest version of WordPress, replace your wp-config file with a new one containing changed passwords, and lastly find the offending files that have been added to your site and delete them.
Beyond that, the best thing to do is to make sure you're as fortified against being hacked as possible. Do this by keeping your theme as up to date as possible. Just like plugins and WordPress itself, themes need to be updated every so often, because certain files associated with WordPress become open to attacks as they age.
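The two steps above (spot outdated TimThumb copies in your themes, and find files that were added to the site) can be scripted. The following is an added example written for this post; it is not code from the post or from Wordfence. It assumes TimThumb is shipped under the filenames timthumb.php or thumb.php, that the file declares its version with a `define ('VERSION', '...')` line, that anything below the 2.0 rewrite mentioned in this post counts as outdated, and that you have a manifest of PHP files from a clean install to compare against. The sample site tree it scans is constructed inside the script so it runs offline.

```python
"""Audit a WordPress document root for outdated TimThumb copies and PHP files a clean install does not contain."""
import os
import re
import tempfile

# TimThumb declares its version near the top of the file, e.g.:  define ('VERSION', '2.8.14');
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([0-9.]+)['\"]\s*\)")

# Filenames under which TimThumb is commonly shipped inside themes (assumption).
TIMTHUMB_NAMES = {"timthumb.php", "thumb.php"}

# The post treats the 2.0 rewrite as the secure baseline; threshold is an assumption.
MIN_SAFE_VERSION = (2, 0)


def _rel(path, root):
    """Relative path with forward slashes so results are stable across platforms."""
    return os.path.relpath(path, root).replace(os.sep, "/")


def parse_version(text):
    """Return the version tuple declared in a TimThumb file, or None if no VERSION define is found."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def find_timthumb_copies(root):
    """Walk root and return sorted [(relative_path, version_tuple_or_None)] for every TimThumb copy."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in TIMTHUMB_NAMES:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    version = parse_version(fh.read(8192))  # the define sits near the top
                found.append((_rel(path, root), version))
    return sorted(found)


def outdated_timthumb(root):
    """Relative paths of TimThumb copies older than MIN_SAFE_VERSION, or with no version line at all."""
    return [p for p, v in find_timthumb_copies(root) if v is None or v < MIN_SAFE_VERSION]


def unexpected_php_files(root, known_relative_paths):
    """PHP files under root that the clean-install manifest does not list: candidates for review/removal."""
    known = set(known_relative_paths)
    unexpected = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".php"):
                rel = _rel(os.path.join(dirpath, name), root)
                if rel not in known:
                    unexpected.append(rel)
    return sorted(unexpected)


def audit(root, manifest):
    """Run both checks and return their findings."""
    return {
        "outdated_timthumb": outdated_timthumb(root),
        "unexpected_php": unexpected_php_files(root, manifest),
    }


def build_sample_site(root):
    """Write a constructed, fictional site tree for demonstration; returns the manifest of known files."""
    files = {
        "wp-config.php": "<?php // constructed sample config\n",
        "wp-content/themes/old-theme/timthumb.php": "<?php\ndefine ('VERSION', '1.32');\n",
        "wp-content/themes/new-theme/inc/thumb.php": "<?php\ndefine ('VERSION', '2.8.14');\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    # One extra file that the manifest does not know about (constructed, harmless content).
    extra = os.path.join(root, "wp-content/uploads/cache/extra.php")
    os.makedirs(os.path.dirname(extra), exist_ok=True)
    with open(extra, "w", encoding="utf-8") as fh:
        fh.write("<?php // constructed sample: not part of the clean install\n")
    return list(files)


def demo():
    """Build the sample tree in a temp dir, audit it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        manifest = build_sample_site(root)
        return audit(root, manifest)


if __name__ == "__main__":
    for key, paths in demo().items():
        print(key, paths)
```

Run it against a real site by calling `audit("/path/to/wordpress", manifest)` with a manifest built from the file list of a freshly downloaded WordPress plus your theme and plugin packages; anything it reports as unexpected is worth a look before you delete it, and each outdated copy of TimThumb is a theme that needs updating.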
While researching TimThumb and its vulnerability, I also stumbled upon a very effective security plugin for WordPress. Its author was hit by the TimThumb vulnerability, went on to rewrite TimThumb as version 2.0 to make it more secure, and subsequently created the plugin I'm referring to: Wordfence.
This is a free plugin that acts as an anti-virus and malicious URL scanner and a firewall, and it scans your live traffic, including crawlers. Basically, it looks for back doors or holes in your security to ensure that your site cannot be compromised.
More than that, it gives you a live look at who is on your site: who is consuming most of your content, who is running into 404 errors, who is logging in and out, and it can even tell when robots are crawling your site.
Check out the rest of my WordPress security tips to make sure that you’re as secure as possible on your site.