Knowledgebase

Help! TimThumb is not working on my WordPress site!

So you're building a website and you want to use TimThumb, but it just doesn't seem to want to work!

The issue with TimThumb, though popular, can be a bit messy and open your website to a whole new can of worms if implemented incorrectly. This is because timthumb makes use of absolute paths which can raise a serious security flaw in your site and open your site to various hacks, etc.

Though this is a bit against the grain with 'out of the box websites' and CMS such as Wordpress, we find that this added bit of security goes a long way.

To use TimThumb you are going to want to create a new function, I typically call it 'remove_http', but you can call it whatever you like...

Step 1 - create your function in your wordpress wp-includes/functions.php file -

function remove_http($url = '')

{

if ($url == 'http://www.yourdomain.com/' OR $url == 'https://www.yourdomain.com/'){

return $url;

}

$matches = substr($url, 0, 26);

//note that the substr string is subtracting the exact amount of letters in your url (from 'http://' to '.com/'), your numbers here will vary based on your domain name.

if ($matches=='http://www.yourdomain.com/'){

$url = substr($url, 26);

}else{

$matches = substr($url, 0, 27);

if ($matches=='https://www.yourdomain.com/')

$url = substr($url, 27);

}

return $url;

}

Step 2 - Find and replaceyour timthumb path where it is called throughout your template files (this may require updating several different files, depending on how timthumb is utilized in your site) so this would be your outcome -

'/timthumb.php?src='.remove_http(thumb_url()).'&h=78&w=182&zc=1"

This should fix all of your problems and allow you to run timthumb without issue.

  • 4 Users Found This Useful

Was this answer helpful?

Related Articles

How can I access the CPanel?

You can access the cpanel with the following URL: yourdomainname.com/cpanel Once in the CPanel,...

Internal Server Error php.ini and .htaccess

We have enabled suphp mechanism on the server this insures compatibility to php5 and future...