Title: Timthumb
Last modified: August 21, 2016

---

# Timthumb

 *  Resolved [cheaplt](https://wordpress.org/support/users/cheaplt/)
 * (@cheaplt)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/)
 * Hi, i just barely installed BPS when i reloaded my pages my timthumb images are
   just not showing. i’ve googled alot of keywords and found your posts on this 
   issue. my Timthumb script is up to date, this is what my hta code looks like 
   for timthumb.
 * > # TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
   >  # Only Allow Internal
   > File Requests From Your Website # To Allow Additional Websites Access to a 
   > File Use [OR] as shown below. # RewriteCond %{HTTP_REFERER} ^.*cheaplolteams.
   > com.* [OR] # RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.* RewriteCond%{
   > QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa
   > |blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.
   > youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR] RewriteCond%{
   > THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa
   > |blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.
   > youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC] RewriteRule.*
   > index.php [F,L] RewriteCond %{REQUEST_URI} (timthumb/tt.php|img\.php|tt.php
   > |img.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC] RewriteCond%{
   > HTTP_REFERER} ^.*cheaplolteams.com.* RewriteRule . – [S=1]
 * [http://wordpress.org/plugins/bulletproof-security/](http://wordpress.org/plugins/bulletproof-security/)

Viewing 15 replies - 1 through 15 (of 18 total)

1 [2](https://wordpress.org/support/topic/image-404/page/2/?output_format=md) [→](https://wordpress.org/support/topic/image-404/page/2/?output_format=md)

 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008532)
 * Check your BPS Security Log page/file and post the error from the Security Log
   that shows “timthumb” in the logged error.
 *  Thread Starter [cheaplt](https://wordpress.org/support/users/cheaplt/)
 * (@cheaplt)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008547)
 * Hey there AITpro! my error log is filled with errors with timthumb.
    this is 
   the top error, sorry if i should of posted it all but literly its HUGE =O.
 * > >>>>>>>>>>> 403 GET or Other Request Error Logged – August 8, 2013 – 12:25 
   > pm <<<<<<<<<<<
   >  REMOTE_ADDR: 108.162.221.217 Host Name: 108.162.221.217 SERVER_PROTOCOL:
   > HTTP/1.1 HTTP_CLIENT_IP: HTTP_FORWARDED: HTTP_X_FORWARDED_FOR: 98.202.159.185
   > HTTP_X_CLUSTER_CLIENT_IP: REQUEST_METHOD: GET HTTP_REFERER: [http://cheaplolteams.com/?preview=true&preview_id=462&preview_nonce=6965abd480](http://cheaplolteams.com/?preview=true&preview_id=462&preview_nonce=6965abd480)
   > REQUEST_URI: /wp-content/plugins/ubermenu/standard/timthumb/tt.php?src=http://
   > cheaplolteams.com/wp-content/uploads/2013/07/1375570195_cart_add.png&w=16&h
   > =16&zc=1 QUERY_STRING: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64)
   > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.95 Safari/537.36
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008549)
 * The skip/bypass rule you need to add to BPS Custom Code is this below.
 * 1. Copy this .htaccess code below to the Custom Code: CUSTOM CODE PLUGIN SKIP/
   BYPASS RULES: Add ONLY personal plugin skip/bypass rules here : text box
    2. 
   Save your new custom code by clicking the Save Root Custom Code button. 3. Click
   the Create secure.htaccess File AutoMagic button on the Security Modes page. 
   4. Activate BulletProof Mode for your Root folder on the Security Modes page.
 * NOTE: If your WordPress installation is in a subfolder then add your WordPress
   subfolder name in the path.
    Example: /my-wordpress-installation-folder-name/
   wp-content/themes/…
 *     ```
       # Plugin Thumbnailer script skip/bypass rule
       RewriteCond %{REQUEST_URI} ^/wp-content/plugins/ubermenu/standard/timthumb/tt\.php [NC]
       RewriteRule . - [S=13]
       ```
   
 *  Thread Starter [cheaplt](https://wordpress.org/support/users/cheaplt/)
 * (@cheaplt)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008558)
 * Wow this did the trick AIRPRO, very nice and detailed guide.
    this indeed did
   fixed my issue i didnt realize i had to recreate the hta file. Great Job on this
   plug and thanks you sir! But i was also wondering if this plugin reduced the 
   load page speed on my website. If it did, do you have any recommended techniques
   i should apply to regain some of my speed?
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008559)
 * Yep, I believe BPS will slow your site down by .001 seconds. 😉
 * Actually we created some caching code in the link below that will speed up your
   site up to 2 seconds faster and maybe more depending on what your site is loading.
 * [http://forum.ait-pro.com/forums/topic/where-is-the-log/page/2/#post-7436](http://forum.ait-pro.com/forums/topic/where-is-the-log/page/2/#post-7436)
 *  Thread Starter [cheaplt](https://wordpress.org/support/users/cheaplt/)
 * (@cheaplt)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008561)
 * This is very useful im really interested in this.
    Sorry im a bit confused though,
   where do i paste this code? im not sure if i even paste this code =( sorry, can
   you help me out with this is possible please?
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008567)
 * Click the Custom Code Video Tutorial link on the Custom Code page to get the 
   general idea about how to use/add/edit custom .htaccess code.
 *  Thread Starter [cheaplt](https://wordpress.org/support/users/cheaplt/)
 * (@cheaplt)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008576)
 * Hi AITprom, does BPS protect me enough or should i apply these Better WP Secruity’s
   methods, here are the methods:
    Changing the database prefix Changing the wp-
   content directory Hiding backend (login, register and admin page)
 * Does BPS already do these methods?
    If BPS doesnt, would i have to recreate/redo
   everything on BPS to register these changes? Thanks for the constant support 
   AIRpro!
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008577)
 * The login hide backend feature does not work in Better WP Security. This has 
   been a known issue for a very long time now (months if not years). If you want
   additional login page protection we have created some options in the link below.
 * [http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/](http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/)
 * Personally and professionally speaking neither of these Better WP Security features
   offer any additional security protection:
    Changing the database prefix Changing
   the wp-content directory. Both of these “methods” are very easily beaten/bypassed.
 * So without saying either yes or no about Better WP Security I think you have 
   my opinion already. 😉
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008578)
 * This plugin looks promising: All In One WP Security & Firewall. I have not personally
   tested it, but I have heard good things about it. So maybe take a look at that
   plugin and see what it has to offer.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008612)
 * Resolving this thread. If you have additional questions regarding this topic 
   then post them. We still recieve email notifications even if the thread is marked
   as resolved. Thanks.
 *  Thread Starter [cheaplt](https://wordpress.org/support/users/cheaplt/)
 * (@cheaplt)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008618)
 * Hi AITpro, i was wondering what this error means and how i can maybe fix it. 
   i started receiving it after i setup BPS.
 * BackUpWordPress has detected a problem. wp-cron.php is returning a 403 Forbidden
   response which could mean cron jobs aren’t getting fired properly.
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008619)
 * The solution is here: [http://forum.ait-pro.com/forums/topic/backupwordpress-404-not-found/#post-708](http://forum.ait-pro.com/forums/topic/backupwordpress-404-not-found/#post-708)
 *  Thread Starter [cheaplt](https://wordpress.org/support/users/cheaplt/)
 * (@cheaplt)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008620)
 * Oh forgot to ask sorry, but do i have to recreate the .hta file every time i 
   write to it?
 *  Plugin Author [AITpro](https://wordpress.org/support/users/aitpro/)
 * (@aitpro)
 * [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/#post-4008621)
 * If you add new code to Custom Code then yes the procedure is:
 * 1. Add your code to BPS Custom Code.
    2. Save your custom code. 3. Create new
   master .htaccess files with AutoMagic. 4. Activate the new master .htaccess files
   and make them Live/active.

Viewing 15 replies - 1 through 15 (of 18 total)

1 [2](https://wordpress.org/support/topic/image-404/page/2/?output_format=md) [→](https://wordpress.org/support/topic/image-404/page/2/?output_format=md)

The topic ‘Timthumb’ is closed to new replies.

 * ![](https://ps.w.org/bulletproof-security/assets/icon-128x128.png?rev=1731938)
 * [BulletProof Security](https://wordpress.org/plugins/bulletproof-security/)
 * [Support Threads](https://wordpress.org/support/plugin/bulletproof-security/)
 * [Active Topics](https://wordpress.org/support/plugin/bulletproof-security/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/bulletproof-security/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/bulletproof-security/reviews/)

 * 18 replies
 * 2 participants
 * Last reply from: [AITpro](https://wordpress.org/support/users/aitpro/)
 * Last activity: [12 years, 9 months ago](https://wordpress.org/support/topic/image-404/page/2/#post-4008626)
 * Status: resolved