From 33fc9e0c6335ab53f13a4d6c19c48ce302083a21 Mon Sep 17 00:00:00 2001 From: ethicalhack3r Date: Fri, 17 Oct 2014 15:12:09 -0700 Subject: [PATCH] Updated WordPress Security Tips (markdown) --- WordPress-Security-Tips.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/WordPress-Security-Tips.md b/WordPress-Security-Tips.md index 4c7ac08..2721603 100644 --- a/WordPress-Security-Tips.md +++ b/WordPress-Security-Tips.md @@ -28,9 +28,9 @@ Add this line in the 'php.ini' file. error_reporting = off ``` -**7. Ensure any TimThumb files are up to date.** +**7. Remove any TimThumb files.** -TimThumb is a small php script for cropping, zooming and resizing web images which many WordPress themes use. In 2011 a Remote Code Execution vulnerability was found to affect it and was actively exploited. This vulnerability has been fixed in recent versions of TimThumb. If your WordPress theme uses the TimThumb script ensure that it is the latest version. +TimThumb is a small php script for cropping, zooming and resizing web images which many WordPress themes use. In 2011 a Remote Code Execution vulnerability was found to affect it and was actively exploited. The lead developer has since dropped the project. **8. Use a login lockdown plugin.**
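Review bot: The new body text for tip 7 no longer contains an instruction. The heading says "Remove any TimThumb files", but the paragraph now ends at "The lead developer has since dropped the project." It never states the consequence (an abandoned script should not be expected to receive further security fixes), and it never says what to do. Suggest a closing sentence that ties the two together and covers the case the removed text addressed, where a theme depends on the script. For example: "Because it is no longer maintained, delete it from any theme that ships it, or switch to a theme that does not use it." The deleted sentence "This vulnerability has been fixed in recent versions of TimThumb" was also the only statement that the 2011 issue was patched. If the intent is that being patched is not sufficient reason to keep the script, say so explicitly rather than dropping the fact. Minor style point on the same line: "php script" should be "PHP script".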