WordPress Sites Hacked Via Timthumb.php

One of my WordPress-based websites got compromised. When I was logged into WordPress and previewing posts, a bogus website would pop up.

To check whether your website was compromised, you can run a free check at this site: Sucuri Security Site Check.

Then you may want to ensure that your timthumb script is the latest version, which has been updated with tightened security. In my case, my hosting server updated the script for all WordPress users.

The latest timthumb can be found here.

More reading:

Timthumb.php Security Vulnerability – Just the Tip of the Iceberg

WordPress Sites Hacked with Superpuperdomain dot com (Attacking Timthumb.php)

If your site was hacked, the best way to clean up is to re-install your theme. Ensure that your timthumb is the latest version. The hack did not affect the database in my case.
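To see which copies of the script a site actually carries, this added example (not part of the original post, and not TimThumb's own code) walks a WordPress directory and reports the version each copy declares. It assumes the script states its version in a define('VERSION', '...') line; the minimum version is a value you supply yourself, and the names find_timthumb and parse_version are illustrative.

```python
import os
import re
import sys

# Assumption: TimThumb declares its version as define('VERSION', 'x.y.z').
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9.]+)['"]""")

def parse_version(text):
    """Turn '2.8.14' into (2, 8, 14) so versions compare numerically."""
    return tuple(int(p) for p in text.split(".") if p.isdigit())

def find_timthumb(root, minimum):
    """Return sorted (relative path, version or None, status) for each copy under root.

    status is 'ok', 'outdated', or 'unknown' (no version line found).
    """
    floor = parse_version(minimum)
    results = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(folder, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as handle:
                    body = handle.read()
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            match = VERSION_RE.search(body)
            named = name.lower() == "timthumb.php"
            # Themes often ship the script renamed (e.g. thumb.php), so also
            # accept any PHP file that mentions TimThumb and has a version line.
            renamed = match is not None and "timthumb" in body.lower()
            if not (named or renamed):
                continue
            version = match.group(1) if match else None
            if version is None:
                status = "unknown"
            elif parse_version(version) < floor:
                status = "outdated"
            else:
                status = "ok"
            results.append((os.path.relpath(path, root), version, status))
    return sorted(results)

if __name__ == "__main__":
    # Usage: python find_timthumb.py /path/to/wordpress MINIMUM_VERSION
    for rel, version, status in find_timthumb(sys.argv[1], sys.argv[2]):
        print(f"{status:8} {version or '-':10} {rel}")
```

Copies reported as unknown carry no version line and are worth opening by hand before deciding whether to replace them.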
