WordPress.org

Forums

All of my wordpress sites have been hacked (2 posts)

  1. ywap
    Member
    Posted 2 years ago #

    All of my websites have been hacked and are now redirecting to foreign websites. I have read that it is most likely caused by my outdated version of the timthumb plugin.

    Does timthumb update when I update wordpress? If not how do I keep it up to date to prevent this from happening?

    Thanks

  2. catacaustic
    very awesome
    Posted 2 years ago #

    Timthumb is not part of the WordPress core. It's used mostly in themes for image resizing, and it's been probably the most highly publicised vunerability that's been found for a very long time.

    There are plugins that can scan for timthumb and help you to update it to the latest scripts, and that might help.

    I've had this happen on some of my sites, and even after I removed all of the malicious code, upgraded to the latest version of timthumb and did everything that was recommended to stop this, it kept happening. It only stopped after I completely removed timthumb from the sites. I'd recommend that you don't use timthumb unless you really have to.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.