Remove TimThumb Script totally from your WordPress Theme - Make Money Online


Saturday, 13 July 2019

Remove TimThumb Script totally from your WordPress Theme

Many of you might ask: ‘what in this freaking world is TimThumb actually?’ It is a PHP script that WordPress themes use to deal with thumbnails. The TimThumb script is embedded within the theme function, and it automatically ‘creates’ thumbnails for blog posts. Its various functions include resizing, creating and modifying thumbnails. And here, I’m going to teach you how to remove it from your WordPress blog’s theme.

Why the hell should I remove TimThumb, you might ask

Well, you might be wondering why this mad author is urging his readers to delete it. After all, he just mentioned the use of this script. Aha, seems like the author is a moron, who apparently suffers from severe memory loss!

Hang on folks, I care for you guys so much! I want you to delete TimThumb because I’ve got some very clear reasons:

TimThumb can be risky!

#1 Old TimThumb has some serious security vulnerabilities (and many folks still use the old one)

I’ve noticed that most of the free themes that many new bloggers usually use have this script in them. Earlier, it was reported that TimThumb came with a big gaping hole (in security) in it! I mean, a hole that left a big door open for hackers to exploit!

Hole here means security vulnerability, folks! Due to this, hackers could easily redirect your blog’s visitors to any site that they probably wanted! Do you like it if your visitors are redirected to a random porn site? Well, the visitor might actually enjoy it (depends on their mind-set), but you would be the last person to love that idea!

Now, the folks behind TimThumb came to know of this dumb blunder they made. Soon enough, they fixed it too. But, many bloggers, especially new ones, who are unaware of this whole episode, haven’t updated the TimThumb script on their blog yet!

You never know if your TimThumb script is the old one (vulnerable) or the new one. Here, make use of this vulnerability checker to make sure that you have a safe one on your blog.

Okay, checked it? Got vulnerabilities? If yes, be very scared! Time to get rid of this s**t! If no, well continue to use i…. hey, wait, I’ve got another reason why you should hate it. Read the next point to know more about it.

#2 The thumbnails it generates are not up to the mark!

Literally, the thumbnails it creates are poorly optimized. Whenever I checked my PageSpeed using Google insights or analyzed my blog using GTmetrix, the thumbnails would often turn out to be the culprits slowing my blog down.

Remove the script and use another thumbnail generator, you’ll get much better performance.

Basically, TimThumb sucks at its job! It only had one thing to do- create thumbnails. But, in return, it puts more burdens on our blogs! Don’t you think it is high time that we get rid of this little script?

How to remove TimThumb script

Usually, the process has to be done in two phases. As I’ve mentioned earlier, it is a theme function. First of all, do the following:

Go to “cPanel > WP Content > Themes > Your Theme > TimThumb.php” and delete the PHP file!

This is the script that has been embedded in your theme. If your theme is using TimThumb, it is here that you’ll find its PHP file. If you don’t find one, assume that your theme isn’t using TimThumb!

Wait, it isn’t over yet. Like in hordes of Hollywood movies, we still have to make a final assault! Now, follow these steps:

Now you must delete the remains of the script from the functions.php file of your theme. Head to your blog’s “Dashboard > Appearance > Editor > functions.php”

There, scroll through various functions, and sure enough, you’ll find the ‘thumbnail function’. Make sure that you remove that code too. I’m showing you an example:

This is just an example of the thumbnail code. You might not find the exact same code in your blog. Before you remove the code, make sure that you take a goddamn backup! I repeat, take backup!

    // Print the URL of the image to use as the post's thumbnail.
    function get_image($postid = 0, $size = 'full') {
        if ($postid < 1)
            $postid = get_the_ID();
        $thumb = get_post_meta($postid, "thumb", TRUE); // Declare the custom field for the image
        if ($thumb != null or $thumb != '') {
            echo get_image_path($thumb);
        }
        elseif ($images = get_children(array(
            'post_parent' => $postid,
            'post_type' => 'attachment',
            'numberposts' => '1',
            'post_mime_type' => 'image', ))) {
            // No custom field: use the first image attached to the post.
            foreach ($images as $image) {
                $thumbnail = wp_get_attachment_image_src($image->ID, $size);
                echo get_image_path($thumbnail[0]);
            }
        }
        else {
            // No image at all: point at the theme's images folder.
            $theme_name = strtolower(get_current_theme());
            echo get_image_path('wp-content/themes/'.$theme_name.'/images/');
        }
    }

    // Rewrite the image path for multisite installs (blogs.dir layout).
    function get_image_path($thumbnail = '') {
        global $blog_id;
        if (isset($blog_id) && $blog_id > 0) {
            $imagePath = explode('/files/', $thumbnail);
            if (isset($imagePath[1])) {
                $thumbnail = '/blogs.dir/' . $blog_id . '/files/' . $imagePath[1];
            }
        }
        return $thumbnail;
    }

    // Show Post Thumbnails
    function show_thumb($width = 100, $height = 100) {
        // The src attribute below is the call into timthumb.php.
    ?>
    <a href="<?php the_permalink() ?>" rel="bookmark"><img class="thumb" src="<?php bloginfo('template_directory'); ?>/includes/timthumb.php?src=<?php get_image(); ?>&amp;h=<?php echo get_theme_mod($height); ?>&amp;w=<?php echo get_theme_mod($width); ?>&amp;zc=1" alt="<?php the_title(); ?>" /></a>
    <?php
    }

Delete both the php script and the code shown above and you’re done! Yes, you just removed TimThumb script from your theme. Now you can do that victory dance of yours! Better yet, you can thank me, by sharing this article on social sites! Like, tweet and +1 it if you find this post helpful.
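
If your host gives you shell access, you can double-check both phases with a small audit script. This is an added example, not part of the original post; the theme name mytheme and the sample files it builds are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): audit a themes directory for
# TimThumb copies and for template code that still calls the script.

# Print every copy of the script under $1. The search is recursive and
# case-insensitive: the post's path says TimThumb.php in the theme folder,
# while its code sample loads /includes/timthumb.php.
find_timthumb_files() {
    find "$1" -type f -iname 'timthumb.php'
}

# Print file:line:text for every other PHP file that still mentions it.
find_timthumb_refs() {
    find "$1" -type f -name '*.php' ! -iname 'timthumb.php' \
        -exec grep -inH 'timthumb' {} + || true
}

# Return 0 only when neither the script nor a reference to it is left.
audit_theme() {
    files=$(find_timthumb_files "$1")
    refs=$(find_timthumb_refs "$1")
    if [ -n "$files" ]; then printf 'script still present:\n%s\n' "$files"; fi
    if [ -n "$refs" ]; then printf 'leftover references:\n%s\n' "$refs"; fi
    [ -z "$files" ] && [ -z "$refs" ]
}

# Constructed sample theme (hypothetical name "mytheme"): a placeholder file
# standing in for the script, plus a functions.php that still links to it.
make_sample_theme() {
    t=$(mktemp -d)
    mkdir -p "$t/mytheme/includes"
    echo '<?php // placeholder, not the real script' > "$t/mytheme/includes/timthumb.php"
    cat > "$t/mytheme/functions.php" <<'EOF'
<?php
function show_thumb() { ?>
<img src="<?php bloginfo('template_directory'); ?>/includes/timthumb.php?src=<?php get_image(); ?>" />
<?php }
EOF
    echo '<?php get_header(); ?>' > "$t/mytheme/index.php"
    echo "$t"
}

themes=$(make_sample_theme)
audit_theme "$themes" || echo '=> phase 1: delete the script file'
rm "$themes/mytheme/includes/timthumb.php"
audit_theme "$themes" || echo '=> phase 2: remove the thumbnail function too'
```

Point audit_theme at your real themes folder instead of the sample one; it prints nothing and returns success once both phases are done.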
