BulletProof Security
[resolved] Problem with TimThumb (4 posts)

  1. oimgg
    Member
    Posted 1 year ago #

    Hi,

    I have a problem with my theme that uses TimThumb.

    The message on my theme check is :

    "TimThumb PHP Script

    ThimThumb image resizer script is not working on your server!

    This script resizes and crop the images. Without this script, you must edit your images manually."

    The problem is solved only if I disable BPS. It's a pity...

    Thanks in advance

    http://wordpress.org/extend/plugins/bulletproof-security/

  2. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Find the exact filename of the TimThumb script that your Theme is using and add it to this security filter in your Root .htaccess file.

    This example TimThumb filename has been added to the BPS TimThumb security filter below: example-tim-thumb-script.php. You would add the actual name of your Theme's TimThumb script to this security filter in your Root .htaccess file.

    # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
    # Only Allow Internal File Requests From Your Website
    # To Allow Additional Websites Access to a File Use [OR] as shown below.
    # RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR]
    # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*
    RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
    RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
    RewriteRule .* index.php [F,L]
    RewriteCond %{REQUEST_URI} (example-tim-thumb-script\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
    RewriteCond %{HTTP_REFERER} ^.*ait-pro.com.*
    RewriteRule . - [S=1]
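
To check whether a theme's script name is covered before editing the live Root .htaccess, the Python sketch below models the two rules posted above. It is an added example, not part of the thread or of BPS; `evaluate`, the file name `resize-image.php` and the sample requests are constructed for illustration, and the rules that follow in the real .htaccess are not modelled.

```python
import re

# Host pattern copied from the QUERY_STRING / THE_REQUEST conditions in the post.
REMOTE_SRC = re.compile(
    r"^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?"
    r"(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack"
    r"|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$",
    re.IGNORECASE,  # [NC]
)
# Script names already listed in the posted REQUEST_URI condition.
DEFAULT_SCRIPTS = ("example-tim-thumb-script.php", "timthumb.php", "phpthumb.php",
                   "thumb.php", "thumbs.php")


def evaluate(path, query, referer, scripts=DEFAULT_SCRIPTS, site="ait-pro.com"):
    """Simplified model of the two posted rules.

    Returns 'forbidden' (rule 1 answers 403), 'skip' (rule 2 fires, so the
    next RewriteRule in the file is skipped) or 'continue' (neither rule
    fires and the later rules, not shown in the post, still apply).
    """
    request_line = f"GET {path}{'?' + query if query else ''} HTTP/1.1"
    # Rule 1: QUERY_STRING [NC,OR] THE_REQUEST [NC] -> RewriteRule .* index.php [F,L]
    if REMOTE_SRC.search(query) or REMOTE_SRC.search(request_line):
        return "forbidden"
    # Rule 2: REQUEST_URI [NC] AND HTTP_REFERER (case-sensitive) -> RewriteRule . - [S=1]
    # The alternation is unanchored, so "thumb.php" also matches "timthumb.php".
    uri_cond = re.compile("(" + "|".join(re.escape(s) for s in scripts) + ")",
                          re.IGNORECASE)
    # The dot in the site name stays unescaped, as in the posted condition.
    referer_cond = re.compile("^.*" + site + ".*")
    if uri_cond.search(path) and referer_cond.search(referer):
        return "skip"
    return "continue"


if __name__ == "__main__":
    # Constructed sample requests: (path, query string, referer).
    theme = "/wp-content/themes/mytheme/"
    samples = [
        (theme + "resize-image.php", "src=/wp-content/uploads/photo.jpg&w=300",
         "http://ait-pro.com/blog/"),
        (theme + "timthumb.php", "src=http://www.blogspot.com/photo.jpg",
         "http://ait-pro.com/blog/"),
        (theme + "timthumb.php", "src=/wp-content/uploads/photo.jpg",
         "http://other.example/"),
    ]
    for path, query, referer in samples:
        print(evaluate(path, query, referer), path, query)
    # After adding the theme's script name to the REQUEST_URI condition:
    print(evaluate(*samples[0], scripts=DEFAULT_SCRIPTS + ("resize-image.php",)))
```
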
  3. AITpro
    Member
    Plugin Author

    Posted 1 year ago #

    Did you add your TimThumb file name to the Whitelist condition? Is this issue resolved? If so, please resolve this Thread. Thank you.

  4. oimgg
    Member
    Posted 1 year ago #

    Hi,

    Thanks a lot.

    Not tested yet because I reinstalled WP for another reason and I no longer have this problem now; BPS works well.

    But this will be helpful for all users who have this problem!

    Best

Topic Closed

This topic has been closed to new replies.
