The biggest security hole in WordPress websites
Next in the series of security-related posts, I want to talk about a huge security hole in many old WordPress websites that haven’t been kept up-to-date in the past year or two.
You may not believe it, but in fact the world is full of sites running on outdated software. Probably the site admins apply the maxim “if it ain’t broke, don’t fix it”. Well, sometimes it is broke, you just don’t know it yet.
In brief: TimThumb is a popular PHP script used to resize images automatically, and it is used by hundreds of themes for the even more popular CMS/blogging platform WordPress. Unfortunately, a security flaw was discovered within TimThumb in 2011. It would allow an attacker to gain complete control over your website. The vulnerability was fixed in a later version of TimThumb, but some websites may still be at risk if they were never updated.
Even if you have the latest version of WordPress and all its plugins, your theme may still be outdated. That’s why I recommend to any WordPress site admin to install the Timthumb Vulnerability Scanner plugin, which verifies your whole site for outdated copies of Timthumb and lets you install an update with a single click.