WordPress: Timthumb vulnerability fix

If you see the above screenshot when visiting your site with Chrome, your site has been compromised through the Timthumb vulnerability. The best thing you can do is follow the instructions below.

What's happened?

Your WordPress theme uses an outdated version of the Timthumb library. An attacker has exploited this vulnerability to taint most of your theme's JavaScript files (and also some core JavaScript files used by WordPress) with malicious code, appended at the end of each file. The cache of your theme might also contain malicious code in some PHP files.

What can I do?

  1. To fix the Timthumb vulnerability, download and use the Timthumb Vulnerability Scanner plugin.
  2. Replace your compromised theme files with a clean copy.
  3. Upgrade or restore your WordPress installation.

Finally, you have to notify Google that your site is safe again. Use the Reconsider site functionality provided by Google.
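
To see which files carry the pattern described above (code appended to JavaScript files, PHP files in the theme cache) before replacing them, the installed theme can be compared with a clean copy of the same theme version. This is an added example, not part of the original post or of the scanner plugin; the function names and the `cache` folder name are assumptions, and the sample files are constructed.

```python
import tempfile
from pathlib import Path


def find_tainted(installed: Path, clean: Path, cache_dir: str = "cache") -> dict:
    """Compare an installed theme with a clean copy of the same theme version."""
    report = {"appended": [], "modified": [], "unknown": [], "cache_php": []}
    for path in sorted(installed.rglob("*.js")):
        rel = path.relative_to(installed)
        reference = clean / rel
        if not reference.is_file():
            report["unknown"].append(rel.as_posix())  # not shipped with the theme
            continue
        live, good = path.read_bytes(), reference.read_bytes().rstrip()
        if live.rstrip() == good:
            continue  # identical apart from trailing whitespace
        # The pattern described above: original content intact, extra code at the end.
        kind = "appended" if live.startswith(good) else "modified"
        report[kind].append(rel.as_posix())
    cache = installed / cache_dir  # assumed cache folder name; adjust for your theme
    if cache.is_dir():
        report["cache_php"] = sorted(p.relative_to(installed).as_posix()
                                     for p in cache.rglob("*.php"))
    return report


def build_sample(root: Path) -> tuple:
    """Write a constructed clean theme and a constructed tainted copy under root."""
    clean, live = root / "clean", root / "live"
    for base in (clean, live):
        (base / "js").mkdir(parents=True)
        (base / "js" / "menu.js").write_text("function menu() {}\n")
        (base / "js" / "slider.js").write_text("function slider() {}\n")
    (live / "cache").mkdir()
    # Placeholder text stands in for the injected code; no real payload is used.
    with open(live / "js" / "menu.js", "a") as fh:
        fh.write("/* INJECTED-PLACEHOLDER */\n")
    (live / "cache" / "thumb.php").write_text("<?php /* PLACEHOLDER */ ?>\n")
    (live / "js" / "extra.js").write_text("// file absent from the clean copy\n")
    return live, clean


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = build_sample(Path(tmp))
        for kind, files in find_tainted(live, clean).items():
            print(f"{kind}: {files}")
```

Any file listed under `appended`, `modified` or `unknown` should be replaced or removed as in step 2, and PHP files under the cache folder should be deleted.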
