TimThumb shoots, VaultPress saves!

Any of you who follow WordPress news sites or any WordPress geeks on Twitter will be well aware of the vulnerabilities that were found in the PHP image resizing script, TimThumb. TimThumb is being used in many free and premium WordPress themes, so this vulnerability caused a bit of a stir around the place. I actually used the script on the current sennza WordPress theme because this theme was whipped up over 18 months ago very quickly and back then I hadn’t used WordPress’s inbuilt add_image_size, which I’m using almost every day on clients’ sites these days.

Our blog uses VaultPress for backups and security and VaultPress were onto the vulnerability post haste. I’m often singing VaultPress’s praises on Twitter but I wanted to post on the record about just how amazing the VaultPress plugin and team are when it comes to backups and security! Read on to find out about yet another amazing VaultPress experience of mine!

Round 1: We were in the clear with TimThumb

I received the following email from the VaultPress team so I knew we were covered for the meantime:

VaultPress - Round One

You can read about the initial findings in a post by John Ford on the VaultPress blog.

The Round 1 Intermission

In a brief chat to Dion Hulse on Skype, Dion mentioned a few other vulnerabilities that he’d noted which you can find in Dion’s comments on this blog post. So thanks to Dion I was aware that there was more to it than the initial findings.

I spent yesterday doing some WordPress consulting at Brisbane Technology Park and funnily enough the theme that the company was using there used timthumb.php as well so I spent the time fixing that for them yesterday and thought to myself: ‘I have to fix this issue on our site first thing tomorrow’.

VaultPress To The Rescue

I checked my email this morning after I woke up and was pleasantly surprised to find out that the VaultPress team had been following the findings and had patched our site while I was sleeping so I didn’t have to update our site this morning!

VaultPress - Winning!

To say I was pleasantly surprised would be a serious understatement. I love VaultPress and wouldn’t be without it. Knowing that your backups are safe is one thing… but knowing your site is secure as well… even while you’re sleeping is something that you can’t put a dollar amount on!

Go and sign up to VaultPress now if you haven’t already!!!

Edit: Have a read of Matt’s thoughts on the TimThumb saga. You’ll see that the idea of VaultPress updating your site while you sleep is one of the key features that was envisioned for VaultPress. 

This entry was posted in Logic, Web Design, WordPress by Bronson Quick.

About Bronson Quick

Bronson Quick has over 10 years experience in Information Technology. He is formally trained in Applications Programming and has applied his programming background to become a master of web development. Bronson has worked with award winning design agencies, mid tier development firms and has successfully freelanced during his career. He also makes wicked slow cooked spicy lamb shanks.
