A security vulnerability within the TimThumb image resizing script was recently brought to light. The exploit abuses the webshots feature (in beta) in TimThumb to gain unauthorised access to a website running TimThumb.
TimThumb, bundled into our WooFramework, is a script we keep a close eye on, to ensure it is safe and secure for you, our customers. While we are working through steps to remove TimThumb from our framework, the script is currently present in the WooFramework.
How to stay safe
By default, the webshots feature is disabled. This means that, unless you specifically enabled the feature on your website (via code), your website is not vulnerable to this exploit.
As your website’s safety and security is of paramount importance to us, we’d like to provide a few extra tips for further safeguarding your website against this particular exploit.
Please ensure that, in your wp-config.php file, you have the following line:
define ('WEBSHOT_ENABLED', false);
This ensures that the webshots feature in TimThumb is disabled.
Please note that this is a safeguard and not required in order for your website to function.
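One way to verify both points above on a server, as an added example (not WooThemes' or TimThumb's own code): a POSIX shell audit that looks for any PHP file that switches webshots on and confirms that wp-config.php carries the safeguard line. The function names and return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a WordPress tree for the TimThumb webshots setting.
# Matches: define ( 'WEBSHOT_ENABLED' ,   (either quote style, any spacing)
WS_DEFINE="define[[:space:]]*\([[:space:]]*[\"']WEBSHOT_ENABLED[\"'][[:space:]]*,[[:space:]]*"

# Print every PHP file under $1 that defines WEBSHOT_ENABLED as true or 1.
# Not anchored to line start, so "if (...) define(...)" forms are caught too.
webshot_enabled_files() {
    find "$1" -type f -name '*.php' \
        -exec grep -liE "${WS_DEFINE}(true|1)[[:space:]]*\)" {} + 2>/dev/null || true
}

# Succeed only if $1/wp-config.php has an active (not commented-out)
# define ('WEBSHOT_ENABLED', false); line.
wpconfig_pins_false() {
    grep -qiE "^[[:space:]]*${WS_DEFINE}(false|0)[[:space:]]*\)" \
        "$1/wp-config.php" 2>/dev/null
}

# Return codes (this example's convention):
#   0 = nothing enables webshots and wp-config.php has the safeguard line
#   1 = at least one PHP file enables webshots
#   2 = nothing enables webshots, but the safeguard line is missing
webshot_audit() {
    audit_root=$1
    audit_rc=0
    audit_hits=$(webshot_enabled_files "$audit_root")
    if [ -n "$audit_hits" ]; then
        printf 'WEBSHOT_ENABLED is set to true in:\n%s\n' "$audit_hits"
        audit_rc=1
    fi
    if wpconfig_pins_false "$audit_root"; then
        echo "wp-config.php sets WEBSHOT_ENABLED to false"
    else
        echo "wp-config.php has no active define ('WEBSHOT_ENABLED', false); line"
        if [ "$audit_rc" -eq 0 ]; then audit_rc=2; fi
    fi
    return "$audit_rc"
}

# Run against the WordPress root given as the first argument, if any.
if [ "$#" -ge 1 ]; then
    webshot_audit "$1"
fi
```

Return code 2 is advisory only, since webshots is off by default; return code 1 means the feature has been switched on in code and the listed files need review.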
Stay safe, everyone.