Any of you who follow WordPress news sites or any WordPress geeks on Twitter will be well aware of the vulnerabilities that were found in the PHP image resizing script, TimThumb. TimThumb is used in many free and premium WordPress themes, so this vulnerability caused a bit of a stir around the place. I actually used the script on the current sennza WordPress theme because this theme was whipped up very quickly over 18 months ago, and back then I hadn’t used WordPress’s built-in add_image_size(), which I’m now using almost every day on clients’ sites.
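For anyone in the same position, here is an added example (not code from the original post or from the sennza theme) of the built-in alternative mentioned above: registering a theme image size with add_image_size() and outputting it from a template. The size name, the 300x200 dimensions and the function names are assumptions for the example.

```php
<?php
// Added example: register a custom image size with WordPress's own
// add_image_size() instead of bundling a standalone resizing script
// such as timthumb.php. Size name and dimensions are assumed.

add_action( 'after_setup_theme', 'sennza_example_register_image_sizes' );

function sennza_example_register_image_sizes() {
    // Featured images (post thumbnails) must be enabled for the theme.
    add_theme_support( 'post-thumbnails' );

    // 300x200, hard-cropped. WordPress writes this file once, when the
    // image is uploaded to the Media Library, so templates never resize
    // an image named in a request at run time.
    add_image_size( 'sennza-example-teaser', 300, 200, true );
}

// Optional: make the size selectable in the media dialog.
add_filter( 'image_size_names_choose', 'sennza_example_image_size_names' );

function sennza_example_image_size_names( $sizes ) {
    return array_merge( $sizes, array(
        'sennza-example-teaser' => __( 'Teaser (300x200)', 'sennza-example' ),
    ) );
}

// Template helper: output the featured image at the registered size.
function sennza_example_teaser_image() {
    if ( has_post_thumbnail() ) {
        the_post_thumbnail( 'sennza-example-teaser', array( 'class' => 'teaser' ) );
    }
}
```

One caveat when swapping a theme over: add_image_size() only generates files for images uploaded after the size is registered, so existing media needs its thumbnails regenerated (a regeneration plugin does this) before the new size shows up on older posts.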
Our blog uses VaultPress for backups and security and VaultPress were onto the vulnerability post haste. I’m often singing VaultPress’s praises on Twitter but I wanted to post on the record about just how amazing the VaultPress plugin and team are when it comes to backups and security! Read on to find out about yet another amazing VaultPress experience of mine!
Round 1: We were in the clear with TimThumb
I received the following email from the VaultPress team so I knew we were covered for the meantime:
You can read about the initial findings in a post by John Ford on the VaultPress blog.
The Round 1 Intermission
In a brief chat with Dion Hulse on Skype, Dion mentioned a few other vulnerabilities that he’d noted, which you can find in Dion’s comments on this blog post. So thanks to Dion I was aware that there was more to it than the initial findings.
I spent yesterday doing some WordPress consulting at Brisbane Technology Park and, funnily enough, the theme that the company was using there used timthumb.php as well. I spent the time fixing that for them yesterday and thought to myself: ‘I have to fix this issue on our site first thing tomorrow’.
VaultPress To The Rescue
I checked my email this morning after I woke up and was pleasantly surprised to find that the VaultPress team had been following the findings and had patched our site while I was sleeping, so I didn’t have to update our site this morning!
To say I was pleasantly surprised would be a serious understatement. I love VaultPress and wouldn’t be without it. Knowing that your backups are safe is one thing, but knowing your site is secure as well, even while you’re sleeping, is something that you can’t put a dollar amount on!
Go and sign up to VaultPress now if you haven’t already!!!
Edit: Have a read of Matt’s thoughts on the TimThumb saga. You’ll see that the idea of VaultPress updating your site while you sleep is one of the key features that was envisioned for VaultPress.