This is just yuck kinda news. It affects not only a ton of WP sites but also a lot of static sites.
According to Mark Maunder, a developer who first located the timthumb.php vulnerability being exploited (his site was hacked), “An image resizing utility called timthumb.php is widely used by many WordPress themes. Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php as many commercial and free themes are, then you should immediately either remove it or edit it.”
The file is TimThumb.php, but some themes and plugins have renamed it to Thumb.php (though not every thumb.php is secretly timthumb.php).
While most are saying this is a “theme issue”, a search of my backups yields the affected file not only in a large number of themes but also in certain shopping cart plugins, thumbnail plugins, slider plugins and more (pretty much any plugin that even looks at an image sideways may be affected).
Checking only the active theme is not good enough. You can be impacted even if the plugin or theme containing the file is not active or activated. Simply having an affected theme or plugin installed, even one you are not using, is still dangerous.
The developer who discovered the hack has since started recoding the script, but that will not magically fix what is already on your site.
Information we know: fixes are out for some of the WooThemes themes and for some of the ElegantThemes themes. Thesis, and now Genesis, claim (and appear likely to be right) to be using an already modified version of the code that is not affected. We also know that all VaultPress subscribers were auto-patched by the Automattic team.
To check whether your themes carry the troublesome TimThumb.php file (the same works for plugins, just use the plugin editor), from your admin Dashboard click on “Appearance”, then select “Editor” in the sub-menu. In the theme drop-down box at the upper right, select each individual theme in turn and look at the list of files on the right.
If you see timthumb.php there, you’ll want to either delete it (make a copy first) or confirm that the copy in your theme is the latest, secured version. Alternatively, contact your theme’s developer and ask whether they have an update.
To check for the file in your plugins, follow the same steps, but go to Dashboard, then “Plugins”, then “Editor”, and select each individual plugin in the drop-down box at the upper right to look at its file list.
(Experienced user? The fastest way to check for the file anywhere it could be hiding is to download a copy of your entire hosting account (all sites, even non-WP ones) to your local computer and then run a file search for the file names.)
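For that local file search, here is an added example (not code from the original post) in POSIX shell: it walks a downloaded copy of a hosting account, matches both the original name and the common Thumb.php rename, and only reports files whose content actually mentions TimThumb, so an unrelated thumb.php is not flagged. The marker string and the `define ('VERSION', ...)` line it looks for are assumptions about how the script identifies itself; the fixture paths and version numbers are constructed for the dry run.

```shell
#!/bin/sh
# Added example, not from the original post: locate TimThumb copies anywhere
# under a downloaded site copy (themes, plugins or elsewhere, active or not).
# Assumption: a genuine TimThumb file mentions "TimThumb" somewhere in its text.
#
# Usage: find_timthumb /path/to/site-copy   (prints one matching file per line)
find_timthumb() {
    root="$1"
    # Match the original name and the common rename, case-insensitively, then
    # keep only files whose content mentions TimThumb so that an unrelated
    # thumb.php is not reported.
    find "$root" -type f \( -iname 'timthumb.php' -o -iname 'thumb.php' \) -print 2>/dev/null |
    while IFS= read -r f; do
        if grep -qi 'timthumb' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# Print the version tag of a found copy so you can compare it with the patched
# release your theme or plugin vendor ships.
# Assumption: the file declares its version as  define ('VERSION', 'x.yy');
timthumb_version() {
    sed -n "s/.*define *( *'VERSION' *, *'\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Constructed fixture for a dry run: a theme with an unrenamed copy, a plugin
# with a renamed copy, and a harmless thumb.php that must not be reported.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/themes/some-theme/lib" "$d/plugins/slider" "$d/plugins/gallery"
    printf "<?php\n/* TimThumb script */\ndefine ('VERSION', '1.00');\n" > "$d/themes/some-theme/lib/timthumb.php"
    printf "<?php\n// renamed TimThumb copy\ndefine ('VERSION', '2.00');\n" > "$d/plugins/slider/Thumb.php"
    printf "<?php\n// plain thumbnail helper, unrelated\n" > "$d/plugins/gallery/thumb.php"
    printf '%s\n' "$d"
}
```

Run `find_timthumb` against the top of the downloaded copy, not just wp-content, since the post notes the file also turns up in non-WordPress sites on the same account.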
Regardless of the theme you’re using, look for updates immediately. Contact your developer/designer if you have a support contract. If your theme is using timthumb.php, it’s essential you get patched NOW, even if your theme has no official support to do it for you. (Switching to a default WP theme like Twenty Ten or Twenty Eleven will temporarily put you in a safe zone.)
This is one of those times when having paid for a premium theme – with access to that theme’s support forum – is going to pay off for you, as many on free themes are “on their own” for this one. Please remember you have to check for it in all themes AND all plugins; checking only your active theme is not enough.
Contact me if you wish to open a support ticket for assistance with your site.
Your Partner In Online Success
PS: Want to learn more about how to secure WordPress against most hacking and malware attacks? Click here to learn how to defend your blog or WordPress site!
PS: In the unfortunate event that your site has already been hacked (which may or may not be evident to you), learn more here about fixing a site affected by hacking or malware.