Does your WordPress theme have functionality that resizes images? Maybe it creates a thumbnail (a small version of an image) based on a larger one. If so, check out this plugin and its description from the WordPress.org site:
The recent Timthumb.php vulnerability has left scores of unsuspecting bloggers hacked. It’s the perfect combination of not so easy to fix for the technically disinclined, and easy to find and exploit for the malicious – resulting in a disastrous number of compromised sites.
The Timthumb Vulnerability Scanner plugin will scan your entire wp-content directory for instances of any outdated and insecure version of the timthumb script, and give you the option to automatically upgrade them with a single click. Doing so will protect you from hackers looking to exploit this particular vulnerability.
After new, lesser vulnerabilities were found, it became apparent that the plugin needs to be dynamic – able to keep you up to date with the latest version of timthumb, without requiring a plugin upgrade. The plugin now checks for the latest available version of timthumb routinely (each time you visit the scanner page, but no more than once a day), and can download and install the latest version, rather than the one included with the plugin. Scans are run daily (unless you disable them via the options link on the scanner page) via wp-cron to keep up with any new plugins or themes you’ve installed.
You can install the plugin from your dashboard via Plugins / Add New and then searching for “Timthumb Vulnerability Scanner”.
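The scan the plugin description talks about (walk wp-content, find every copy of the timthumb script, compare its version against the current one) is simple enough to reproduce outside the dashboard, which is handy when you are checking a site backup or a host where you cannot log in. The script below is an added illustration written for this post; it is not the Timthumb Vulnerability Scanner plugin's own code. It assumes that each copy of the script contains the word "TimThumb" and a line of the form `define ('VERSION', '…');`, and `MIN_SAFE_VERSION` is a placeholder threshold you set yourself, not a value taken from the plugin or from WordPress.org. The sample directory tree it scans is constructed inside the script.

```python
"""Scan a wp-content tree for copies of the timthumb script and flag outdated ones.

Added illustration, not code from the Timthumb Vulnerability Scanner plugin.
Assumptions (labelled): every copy of the script mentions "TimThumb" and
carries a line such as  define ('VERSION', '2.8.14');  and MIN_SAFE_VERSION
is a placeholder the operator sets after checking the current release.
"""
import os
import re
import tempfile

# Placeholder: the lowest timthumb version the operator considers acceptable.
MIN_SAFE_VERSION = "2.8.14"

# Matches the version constant timthumb defines near the top of the file.
VERSION_RE = re.compile(
    r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([0-9.]+)['\"]\s*\)"
)


def parse_version(text):
    """'2.8.14' -> (2, 8, 14) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


def inspect_php_file(path):
    """Return (version, outdated) if the file looks like timthumb, else None."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        content = fh.read()
    if "timthumb" not in content.lower():
        return None
    match = VERSION_RE.search(content)
    if not match:
        # A timthumb copy with no recognisable version line: report it as
        # unknown and outdated rather than silently skipping it.
        return ("unknown", True)
    version = match.group(1)
    return (version, parse_version(version) < parse_version(MIN_SAFE_VERSION))


def scan_wp_content(root):
    """Walk root the way the plugin walks wp-content; return findings by path."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            result = inspect_php_file(path)
            if result is None:
                continue
            version, outdated = result
            findings.append({
                "path": os.path.relpath(path, root).replace(os.sep, "/"),
                "version": version,
                "outdated": outdated,
            })
    return sorted(findings, key=lambda f: f["path"])


def build_sample_tree():
    """Constructed sample wp-content tree for the demo; not real theme code."""
    root = tempfile.mkdtemp(prefix="wp-content-")
    files = {
        # Theme shipping an old copy under the usual name.
        "themes/old-theme/timthumb.php":
            "<?php\n// TimThumb script\ndefine ('VERSION', '1.33');\n",
        # Copy renamed to thumb.php, which a filename-only scan would miss.
        "themes/renamed/thumb.php":
            "<?php\n/* TimThumb */\ndefine ('VERSION', '2.8.14');\n",
        # Copy whose version line was stripped by a theme author.
        "plugins/gallery/includes/timthumb.php":
            "<?php\n// TimThumb copy with version line stripped\n",
        # Ordinary theme file that must not be reported.
        "themes/clean/functions.php":
            "<?php\nfunction theme_setup() {}\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    for finding in scan_wp_content(build_sample_tree()):
        status = "OUTDATED" if finding["outdated"] else "ok"
        print(f"{status:8} {finding['version']:8} {finding['path']}")
```

Two design choices matter for a real site: the scan keys on file content rather than on the filename, because theme authors often rename the script, and a copy with no version line is reported as outdated rather than skipped, since the plugin's "upgrade with one click" is only safe when you know what you are upgrading.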
lar says
WOW – thanks for this Paul – you are my WordPress eyes and ears – I am going to check my site as per your instructions right after I post this comment
Paul says
Glad I can help! That’s what I do 🙂 I scour the internet so you don’t have to 🙂 (My new tag line? I crack myself up!)
lar says
just trying to help/follow-up – after you install/activate, you can find the plugin under Tool > Thumbnail Scanner – very easy to use/runs in a jiffy/finds old script and updates it with 2 clicks – my version of Socrates had no instances of the script, but Blueline did, and it was an old copy that needed updating
Paul says
Yes – thanks for following up, Lar.
This is an easy update!
Faizel says
Thanks Paul – you are so knowledgeable in these areas as always.
Paul says
I am just sharing the knowledge! Glad it helps, Faizel.
Heidi Schell says
Thank you Paul! I don’t know why anyone would want to hack into my site, but it’s better to be safe than sorry. I appreciate your information 🙂
Paul says
Hackers do it just to have fun – not my kind of fun for sure, but they do it anyway. Others feel it is a way to get traffic to their websites and increase sales. UGH!