Avoid WordPress Timthumb Hacks
Timthumb.php is a small PHP script for cropping, zooming and resizing web images (JPG, PNG, GIF) that ships inside a huge number of WordPress themes. It lets a theme resize images on the fly: you upload one image and the theme auto-generates smaller versions of it for, say, post snippets on a category page. Unfortunately, the script writes files to your server. It fetches the image it is asked for (older versions would fetch from remote URLs as well) and saves the resized copy into a cache directory under your web root, so any weakness in how it validates what it fetches lets an attacker get a file of their choosing onto your server. That is exactly how the widely exploited older versions were abused. Fortunately it is updated regularly to combat the continual onslaught of hackers out there. The newest version can be found here: http://timthumb.googlecode.com/svn/trunk/timthumb.php . Keep in mind that because the script is bundled with each theme (sometimes renamed to thumb.php), updating WordPress itself does not update it; every copy on the server has to be replaced separately.
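Since the script hides in theme folders under various names, the first step is finding every copy and checking its version. The following is an added example written for this post, not code from TimThumb or WordPress: it walks a site directory, matches copies by content rather than filename, pulls the `define ('VERSION', ...)` line each copy carries, and reports those older than a minimum you choose. The minimum version used below (2.8.14) and the sample theme files it builds are constructed for the example; check the link above for the current release before you rely on a number.

```python
"""Find every copy of TimThumb under a WordPress install and flag outdated ones.
Added example for this post, not part of TimThumb or WordPress."""
import os
import re
import tempfile
from typing import List, Optional, Tuple

# TimThumb declares its version near the top of the file, e.g. define ('VERSION', '2.8.14');
VERSION_RE = re.compile(r"""define\s*\(\s*['"]VERSION['"]\s*,\s*['"]([0-9.]+)['"]\s*\)""")


def parse_version(text: str) -> Optional[str]:
    """Return the VERSION string declared in a TimThumb file, or None if absent."""
    m = VERSION_RE.search(text)
    return m.group(1) if m else None


def version_tuple(v: str) -> Tuple[int, ...]:
    """'2.8.14' -> (2, 8, 14) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def is_outdated(version: Optional[str], minimum: str) -> bool:
    """A copy with no recognisable version is treated as outdated: inspect it by hand."""
    if version is None:
        return True
    return version_tuple(version) < version_tuple(minimum)


def find_timthumb_copies(root: str) -> List[Tuple[str, Optional[str]]]:
    """Walk root and return (path, version) for every .php file that embeds TimThumb.
    Matching is on file content, not filename, because themes often rename it (thumb.php)."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file; skip rather than abort the whole scan
            if "timthumb" in text.lower():
                found.append((path, parse_version(text)))
    return sorted(found)


def audit(root: str, minimum: str) -> List[Tuple[str, Optional[str]]]:
    """Return only the copies older than `minimum` (or of unknown version)."""
    return [(p, v) for p, v in find_timthumb_copies(root) if is_outdated(v, minimum)]


def build_sample_tree() -> str:
    """Constructed fixture, not a real site: one stale renamed copy, one current copy,
    and an unrelated theme file that must not be reported."""
    root = tempfile.mkdtemp(prefix="wp-sample-")
    samples = {
        "wp-content/themes/old-theme/thumb.php":
            "<?php\n/* TimThumb image resizer (sample) */\ndefine ('VERSION', '1.32');\n",
        "wp-content/themes/new-theme/timthumb.php":
            "<?php\n/* TimThumb image resizer (sample) */\ndefine ('VERSION', '2.8.14');\n",
        "wp-content/themes/new-theme/functions.php":
            "<?php\n// unrelated theme code\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    # Assumed minimum version for the example; replace with the current release.
    site = build_sample_tree()
    for path, version in audit(site, "2.8.14"):
        print(f"OUTDATED ({version or 'unknown'}): {path}")
```

Point `audit()` at your real document root instead of the sample tree; anything it lists should be replaced with the current timthumb.php (keeping the theme's filename), and a copy with no version line at all deserves a close look, since a tampered file may have had its header stripped.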
I’ve seen a few sites hacked in the past, and the cleanup is always a PITA. Here are a couple “calling cards” hackers have left behind:

