How to Remove TimThumb Hack From WordPress Website?


Developers who have been part of the WordPress community for a long time are likely to be familiar with TimThumb. It’s a PHP script that resizes thumbnail images for use on your website.

TimThumb was very common, to the point that it was bundled in a variety of themes. However, a flaw in it enabled millions of WordPress sites to be hacked, and we still see hacks resulting from it today.

If you’re not sure whether your site is vulnerable to the TimThumb flaw, you can check for it. In this post we’ll show you how to check your website and how to clean it up if it has been hacked.

TL;DR version

Install our WordPress malware removal plugin if you suspect your website has already been hacked and want to clean it up right away. It will disinfect your website and take precautions to ensure that it is safe from future hacking attempts.

What is a TimThumb Exploit?

TimThumb is a PHP script that lets a site fetch images from image-hosting websites and edit them in real time, especially to create thumbnails.

TimThumb kept a list of trusted websites (a whitelist), and images were supposed to be retrieved only from those sites. However, the developers were unaware of a significant flaw in the process. TimThumb only checked whether the image URL looked like it belonged to one of those sites. It did not verify that the image file actually originated from those locations.
</gra_replace>
<gr_replace lines="20" cat="clarify" orig="While ‘’ is">
So even though only whitelisted websites should be allowed, the vulnerability tricks TimThumb into retrieving files from a malicious website whose URL passes that superficial check.

While ‘’ is a whitelisted website, the vulnerability will trick you into retrieving files from malicious websites such as ‘’

Such malicious sites can then deliver malicious files into your website, giving hackers access to it. This is how the TimThumb hack infects your website.
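To make the flaw concrete, here is an added example (not TimThumb’s own code) contrasting a whitelist check that only looks for a trusted name somewhere in the URL with one that compares the parsed host, plus a content check on the fetched bytes; the allowed hosts and URLs are constructed for the demo.

```python
"""Why a URL-substring whitelist fails, and what a host-based check does instead.
Added example with constructed hosts; not TimThumb's own implementation."""
from typing import Optional
from urllib.parse import urlparse

# Constructed whitelist; a real deployment would list the image hosts it trusts.
ALLOWED_HOSTS = {"img.example.com", "photos.example.net"}

# Leading bytes of the image formats a thumbnailer should accept.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def vulnerable_is_allowed(url: str) -> bool:
    """The flawed pattern: accept the URL if a trusted name appears anywhere in it.
    'http://img.example.com.malicious.test/x.php' and
    'http://malicious.test/img.example.com/x.php' both pass this check."""
    lowered = url.lower()
    return any(host in lowered for host in ALLOWED_HOSTS)


def hardened_is_allowed(url: str) -> bool:
    """Parse the URL and compare the real host (user-info stripped) to the whitelist."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False
    host = (parts.hostname or "").lower()
    return host in ALLOWED_HOSTS


def looks_like_image(data: bytes) -> Optional[str]:
    """Second line of defence: even when the host check passes, refuse fetched
    bytes that are not an image. Returns the format name or None."""
    for magic, fmt in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return fmt
    return None


def should_process(url: str, data: bytes) -> bool:
    """Accept a fetch only if both the origin and the content are acceptable."""
    return hardened_is_allowed(url) and looks_like_image(data) is not None
```

Run the two `is_allowed` functions on the same crafted URLs to see how the substring check lets a look-alike host through while the host check rejects it.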

Although this flaw was patched, TimThumb suffered other security vulnerabilities as well. The script was eventually abandoned by its creators. Most themes that used it issued a patch so that they could continue to function without TimThumb.

Many themes used TimThumb to resize images. Your website is in jeopardy if your theme still uses TimThumb. We strongly advise that you check your website right away to see if it has been hacked.

If a theme on your site still uses TimThumb and the site has been compromised as a result, clean it immediately. If you are not sure whether your themes use TimThumb, check your website right away.
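One way to do that check yourself, as an added example that is not part of this post or of any plugin: walk the wp-content directory, flag PHP files that are named like TimThumb or carry its header marker, and report the VERSION they declare so you can review or remove each copy. The directory tree and sample file below are constructed for the demo.

```python
"""Locate TimThumb copies under a WordPress install and report their version.
Added example; the tree built by make_demo_tree() is constructed, not a real site."""
import os
import re
import tempfile
from typing import List, Tuple

# TimThumb files name themselves in a header comment and declare a VERSION constant.
MARKER = re.compile(rb"TimThumb", re.IGNORECASE)
VERSION_RE = re.compile(rb"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([^'\"]+)['\"]")
COMMON_NAMES = {"timthumb.php", "thumb.php"}  # usual file names for bundled copies


def find_timthumb(root: str) -> List[Tuple[str, str]]:
    """Walk root (normally wp-content) and return (path, version) for every PHP
    file named like TimThumb or containing its marker; version is 'unknown' if absent."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(64 * 1024)  # header comment and defines sit near the top
            except OSError:
                continue
            if name.lower() in COMMON_NAMES or MARKER.search(head):
                m = VERSION_RE.search(head)
                version = m.group(1).decode("ascii", "replace") if m else "unknown"
                hits.append((path, version))
    return sorted(hits)


def make_demo_tree() -> str:
    """Constructed wp-content tree: one renamed TimThumb copy inside a theme's lib
    folder and one unrelated theme file. Used by the demo run and the test."""
    root = tempfile.mkdtemp(prefix="wp-content-")
    lib = os.path.join(root, "themes", "demo-theme", "lib")
    os.makedirs(lib)
    with open(os.path.join(lib, "image-resize.php"), "wb") as fh:
        fh.write(b"<?php\n/* TimThumb script (constructed sample) */\n"
                 b"define ('VERSION', '9.9.9-demo');\n")
    with open(os.path.join(root, "themes", "demo-theme", "functions.php"), "wb") as fh:
        fh.write(b"<?php // ordinary theme code\n")
    return root


if __name__ == "__main__":
    for path, version in find_timthumb(make_demo_tree()):
        print(f"TimThumb copy: {path} (VERSION {version}) - review or remove it")
```

Point `find_timthumb()` at your real wp-content directory to list every copy, including ones a theme renamed; since the script is abandoned, each hit is something to update or remove rather than keep.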

How to Scan & Remove TimThumb WordPress Hack?

You can manually search your site for TimThumb hacks or use a plugin to do so. We advise against using the manual method because it is time-consuming and prone to minor errors that can result in major problems such as broken websites. If you’re still interested in learning more about the operation, check out our detailed guide on How to Clean a Hacked Site.

To clean up the hack and delete the TimThumb vulnerability, we strongly advise using a WordPress security plugin.

Still, with so many choices, we understand how difficult it is to choose a good plugin.

Don’t be concerned! The MalCare Security Plugin is the perfect plugin for you. It’s a good way to get rid of any sort of hack, like TimThumb. This is why:

  • MalCare includes a scanner that is capable of scanning the entire website. This applies to all files and databases. MalCare goes beyond what many plugins do by looking at areas where malware is commonly found. It searches every nook and cranny of your website, which is how it finds malware that other plugins miss.
  • The plugin detects all types of malware, including known and unknown threats. It examines the actions of the code in order to identify malicious code and mark it as malware. This lowers the likelihood of false positives.
  • Delays in cleanup can lead to Google blacklisting your site and to your web host suspending it. Given how much time matters when a website is hacked, MalCare lets you clean your website in a matter of minutes.

Now that we’ve seen the highlights of the MalCare Security Plugin, let’s use it to clean up your website.

Remove WordPress TimThumb Hack With MalCare Security Plugin

  1. Install the plugin on your site and link your website to the MalCare dashboard.
  2. MalCare will immediately begin scanning the website. It will show the number of malicious files and tables discovered.
  3. Choose the Auto-Clean option to remove the malware. MalCare will disinfect the website in a matter of minutes.

Post-Malware Removal Measures

MalCare will disinfect your website and delete any malware traces. However, you must also address the TimThumb flaw. This will prevent your website from being hacked again.

We’ll show you how to get rid of the flaw.

TimThumb vulnerabilities live in a plugin or theme. Given the widespread nature of the security flaw, any responsible plugin or theme developer will have issued a patch to address it. The patch is applied by updating the theme or plugin.

Log in to your WordPress site and install all pending updates, including disabled and custom themes and plugins (recommended read: WordPress security updates).

Then, to protect your website from future hacking attempts, we suggest putting in place hardening steps. To assist you, we created a step-by-step guide on how to implement website security measures.

TimThumb Alternatives?

With TimThumb, websites could automatically resize images to suit the device being used. But how do you get this feature on your site if you don’t have TimThumb?

WordPress, fortunately for us, does this for us automatically. Image resizing is now a built-in feature of WordPress.

When you upload an image, WordPress automatically creates resized versions and serves the appropriate size for the device. Furthermore, when you upload a featured image for a post or page, a thumbnail size is automatically produced. The thumbnail is what you see when you go to a website’s Blog page.


The TimThumb hack has infected millions of websites and is still wreaking havoc on the net. The TimThumb hack is just one of the many regular hacking attempts on your website.