Many WordPress themes come bundled with a script called timthumb.php, which generates thumbnail versions of images for teasers and similar uses. A major vulnerability has been found in this script that can allow an attacker to place malicious code on your site.
To fix this problem, you can either edit the timthumb.php file or delete it altogether (note that if your theme still calls the script, its thumbnails will stop working). To edit the file:
- SSH into your web server.
- cd into your WordPress installation directory.
- cd into your WordPress theme directory and find timthumb.php.
- Edit the file using the nano command.
- Look for the line $allowedSites = array (
- Delete everything within the parentheses (the list may span several lines, up to the closing ");"), so it reads: $allowedSites = array();
- Press Control-X, then Y, then Enter to save and exit.
- You're done!
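Added example (not part of the original post): a POSIX shell script that finds every timthumb.php under a WordPress directory, reports whether its $allowedSites list still names remote hosts, and, when "fix" is passed as the second argument, rewrites the list to array() exactly as the steps above do. The directory argument and the file layout it walks are assumptions.

```shell
#!/bin/sh
# Added example (not part of the original post): audit a WordPress install for
# copies of timthumb.php and, on request, empty their $allowedSites list exactly
# as the manual steps do. The directory argument is assumed; no real data is used.

# Print 1 if $allowedSites in FILE still lists any remote site, else 0.
allowed_sites_populated() {
  awk '
    /^[ \t]*\$allowedSites[ \t]*=[ \t]*array[ \t]*\(/ {
      inlist = 1; sub(/^[^(]*\(/, "")          # keep only the text after "("
    }
    inlist {
      body = $0
      if (sub(/\)[ \t]*;.*/, "", body)) inlist = 0   # ");" closes the list
      if (body ~ /[A-Za-z0-9]/) found = 1      # something is still listed
    }
    END { print (found ? 1 : 0) }
  ' "$1"
}

# Rewrite FILE in place so the list becomes: $allowedSites = array();
empty_allowed_sites() {
  tmp="$1.tmp.$$"
  awk '
    /^[ \t]*\$allowedSites[ \t]*=[ \t]*array[ \t]*\(/ {
      inlist = 1; print "$allowedSites = array();"
    }
    inlist {                                   # drop the old entries up to ");"
      if (sub(/^.*\)[ \t]*;/, "")) { inlist = 0; if ($0 ~ /[^ \t]/) print }
      next
    }
    { print }
  ' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Report every timthumb.php under WP_DIR; pass "fix" as the 2nd argument to rewrite them.
audit_wordpress_dir() {
  find "$1" -type f -iname 'timthumb.php' | while IFS= read -r f; do
    if [ "$(allowed_sites_populated "$f")" = 1 ]; then
      echo "VULNERABLE: $f (remote sites still allowed)"
      [ "$2" = fix ] && empty_allowed_sites "$f" && echo "fixed: $f"
    else
      echo "ok: $f"
    fi
  done
}

if [ $# -gt 0 ]; then audit_wordpress_dir "$1" "$2"; fi
```

Run it once without "fix" to get an inventory, then with "fix" after backing up the theme; re-running without "fix" should report every copy as ok.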
Not sure how to fix this, or don't want to mess up your site? Contact me and I'll do my best to help you out!