TimThumb Fix for WordPress Hosting Servers
Today I faced a problem with timthumb script on a client server.
I did some research and found the following solution.
- set the wp-content folder permissions to 755
- set the themes folder permissions to 755
- set the your theme folder persmission to 755
- set the cache folder permissions to 755
- set the timthumb.php permissions to 644
I hope it will help you guys sometime in future.
Thanks
Nice tut!
But what about handle timthumb in MU? It seems to be several solutions on the net but none of them works as expected. Matter in fact – WP MU doesn’t show any image post thumbnails at all – only in standalone mode. I believe this is a complex issue for many multiusers. Do you have any tip?
Kindly Lillan
Hi Lillan, I do not have much experience with MU but I think If permissions are good then I might be able to suggest something after reviewing your code. You can pass me exact code file using email address on our contact page. Thanks
Hi again!
I will send the code, but it’s the ordinary with latest timthumb script (v.2) and it works like charm as long as I don’t switches over to MU.
WP MU makes virtual sub domains and therefore you can’t use absolute url to the images (as timthumb do), instead you have to come up with a code that implement a dynamic AND absolut image path at the same time – in the functions.php.
** Timthumb has security risk! (no I’m not spam, check out the link, or google it
First, changing permissions isn’t a great fix if it can be done in any other way.
More importantly, timthumb is has a security vulnerability, and needs to be removed from your site. This isn’t the original article, but the best to sum up the issue, context, and solutions:
http://wpcandy.com/reports/timthumb-security-vulnerability-discovered
Oh, here’s by far the easiest fix!
http://www.woothemes.com/2011/08/timthumb-security-flaw-patch/
Thanks sharing this right information David