WordThumb is now TimThumb 2.0

News [April 24th, 2012]: I’ve launched Wordfence to permanently fix your WordPress site’s security issues. Click here to learn more.

On the suggestion of Matt Mullenweg (wordpress founder) Ben Gillbanks (timthumb author) and I have been working for the last day to merge my work on WordThumb into TimThumb 2.0.

That work is now complete and TimThumb 2.0 is now available for download from the TimThumb site.

I’m going to be working with Ben going forward to continue to have TimThumb be the easiest to use, fastest, most popular and most secure thumbnail script on the Web.

Here are a few enhancements in TimThumb 2.0:

  • Includes the ability to take website screenshots if you have Xvfb and CutyCapt installed. (Instructions included how to do this)
  • All filters and resizing can be applied to website screenshots.
  • The cache directory is now secure and is still public for flexibility across platforms.
  • TimThumb creates index files in your cache to prevent directory listings.
  • Filenames are more randomized using data that a hacker doesn’t have access to, making it very hard to guess filenames in cache and access them.
  • Cache files have a .txt extension which means the web server won’t execute them.
  • All cached files have a fixed length record at the beginning which, if a web server tries to execute them, will be interpreted as PHP code and will cause an immediate exit.
  • It includes file locking when files are created in cache to avoid conflicts.
  • The entire code base has been rewritten and refactored for better code scaleability.
  • Lots of other improvements.
So give it a whirl and if you have any suggestions or find any bugs, please file them on the TimThumb issues page. Thanks.

41 thoughts on “WordThumb is now TimThumb 2.0

  1. I was told to set allow_external=true in my php.ini file. I do not see that command anywhere within my php.ini file. With out this my images are unable to display correctly on my slider. Please Advise.

Comments are closed.