Support » Plugin: BulletProof Security » Bullet Proof Security and TimThumb

  • Resolved


    I am using a third party theme for a site I am developing. The theme uses TimThumb for displaying thumbnail images. I am also using the Bullet Proof security plugin V .49.2 on the site.

    With the Bullet Proof Security secure .htaccess enabled in the root, thumbnail placeholders appear on the frontend instead of the thumbnail images themselves. When I right click on the thumbnail placeholder and select to “View Image” I get the error:

    403 Forbidden Error Page

    If you arrived here due to a search or clicking on a link click your Browser’s back button to return to the previous page. Thank you.

    When I use a default (non Bullet Proof Security) .htaccess in the root then the thumbnail images are displayed as expected.

    Can you advise what I need to do to resolve this issue?

    Many Thanks

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Author AITpro


    Check your BPS Security log and post the error directly related to this issue/problem. If you do not see an error logged for this in the BPS Security log then right mouse click on the thumbnail and choose: Chrome: Copy link address, IE: Copy shortcut, Firefox: Copy Link Location, Safari: Copy Link and paste the link/URL here.

    Thanks for the reply.

    The script that handles my TimThumb is named tn.php. I have identified that for the script to work I need to add tn.php to the TimThumb rule in my root secure .htaccess as follows:-

    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php|tn\.php) [NC]

    How/where do I change this line such that the change is retained whenever I generate a new secure.htaccess file in Bullet Proof Security? I have tried to apply the change in the file under the “htaccess File Editor” -> “secure.htaccess” tab. However, when I then create a secure.htaccess file under the “Security Modes” tab the new secure.htaccess file does not retain the change to the TimThumb rule that I applied under the under the “htaccess File Editor” -> “secure.htaccess” tab but instead shows the default rule :-

    RewriteCond %{REQUEST_URI} (timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]

    i.e. the rule with the inclusion of the tn.php filename.

    Plugin Author AITpro


    Great job on figuring this out! You would add this custom code to BPS Custom Code. This Forum link below has step by step instructions on how to do that.

    Images not displaying, timthumb theme images, thumbnail images

    Plugin Author AITpro


    Oops I just realized the step by step instructions are for the other skip/bypass option. Give me a minute and I will update that Forum Topic with step by step instructions for the Timthumb Forbid code.

    Plugin Author AITpro


    Ok the Forum Topic help info has been updated and includes the Timthumb Forbid Custom Code steps now. Thanks.

    Sorry. Where do I find the updated Timthumb Forbid Custom Code steps?

    It’s Ok. I figured it out.

    Many Thanks for the help.

    Plugin Author AITpro


    So everything is working correctly now? Thanks.

    Working perfectly thanks.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Bullet Proof Security and TimThumb’ is closed to new replies.