Plugin Fail

My apologies to anyone who happened to wander to my site this morning and afternoon, only to discover it was unreachable. My webhost, MacHighway, had a server issue today.

It looks like everything’s finally up and running now.

It appears the cause was an exploit in a WordPress plugin that hadn’t been updated by another user on the shared server. There is a plugin that’s used by many WordPress themes and other plugins called “timthumb”. Older versions are very vulnerable to being exploited.

There is a plugin called “Timthumb Vulnerability Scanner“. If you use WordPress at all, I recommend you install, activate, and run the plugin, then take action if it finds any issues.

Until next time...
Erik

4 thoughts on “Plugin Fail

  1. Thanks for the great PSA, Erik. I installed the scanner and it found a one instance of an outdated timthumb file in an inactive plugin and it fixed it.

    1. Always a good reminder to keep one’s stuff updated. One never knows when some bad guy out there is trying to exploit one’s site for nefarious purposes.

Leave a Reply