Good bye Timthumb


Even though Templatic themes weren’t affected by the timthumb scare last year, a number of our members still felt that TimThumb was unnecessary and should be replaced with other solutions. After a lot of tweaking and code-changing we can finally announce that timthumb has been removed from all Templatic themes in favor of the built-in WordPress resizing function. Some themes (newest ones) were never released with timthumb while some already received an update that disables timthumb (GeoPlaces).

Here’s a list of themes from which timthumb has been removed today:

Answers
Appointment
Automobile
Classifieds
DailyDeal
eBook
Foodilicious
Hospitality
HotelBooking
iPhoneApp
PrivateLawyer
Publisher
Rejuvenate
Responsive
Reviews
SpaSalon
Specialist
VacationRental
WebHosting

While we definitely welcome this change for the good of everyone, TimThumb was an awesome innovation when no other solution was available, and it contributed a great deal to the premium theme business. Thank you, Ben Gillbanks, for that awesome innovation, which came right on time.

Updating instructions

  • Update the theme as you normally would or just replace the files mentioned in the change_log
  • After updating you will notice that your images are not coming up as thumbnails but as original images; this is normal so don’t worry
  • For images which are displayed using the post image gallery you can use a plugin called AJAX Thumbnail Rebuild to automatically rebuild thumbnails. If you’re unsure what “post image gallery” means open this article
  • Images that are not displayed using the post image gallery (their source is a custom field for instance) have to be re-uploaded

In other news…

With a lot of help from Amir and others from onTheGoSystems, GeoPlaces is now 100% WPML compatible. Even though the theme worked with WPML from the start, some areas were lacking. All those issues are now fixed! More importantly, future fixes will also come much faster since we now have much more experience with the plugin.

For those unfamiliar with WPML, it is a very advanced premium WordPress plugin that allows you to fairly quickly set up a multilingual site. It is by far the best solution for anyone that wants to showcase a WordPress site in more than one language.

Click here to visit the WPML website

6 thoughts on “Good bye Timthumb”

  1. Rajeev B says:

    Good job done by your team. Right from the day I heard about the timthumb hole, I used to scan through my theme files to check if I was using timthumb, and in fact replaced such themes with simpler ones.

    Templatic has done the right thing by removing timthumb from your themes. Great work.

  2. Anonymous says:

    I was using the Restaurant template last year and it most certainly was vulnerable to the timthumb exploit. It took a ton of work to scrub our server clean of it.

    1. Vedran says:

      Hmmmm. It’s possible the attackers went in some other way. Most sites were hacked because external sites were allowed; those sites were not allowed in our themes – timthumb only worked with uploaded images. That said, timthumb was never very hack-proof, that’s why many are now removing it in favor of the built-in WordPress resizer.

  3. Jonathan says:

    Good idea finally removing timthumb. There are many better options now available.

  4. Sanjin says:

    TimThumb is a good thing. I see no reason why it should be removed. On the contrary. That some version of the plugin is vulnerable does not mean that the plugin should be rejected. The plugin just needs to be refreshed regularly to a newer version. And that’s all.

    This might help you: Timthumb Vulnerability Scanner: //wordpress.org/extend/plugins/timthumb-vulnerability-scanner/

    Attacks were going through the media upload. It is open to visitors. I warned of when I worked at JobBoard 3. But no one wants to listen.

    1. Vedran says:

      TimThumb was good, we liked it, I still love it. The problem with TimThumb was the bad reputation it started getting after the hacking incidents. People started perceiving the script as a security threat (even though it wasn’t – not anymore at least). TimThumb made image resizing easier for the developer; the end user won’t really feel a difference.

Comments are closed.
