Plugin Author
AITpro
(@aitpro)
Find the exact filename of the TimThumb script that your Theme is using and add it to this security filter in your Root .htaccess file.
This example TimThumb filename has been added to the BPS TimThumb security filter below: example-tim-thumb-script.php You would add the actual name of your Theme’s TimThumb script to this security filter in your Root .htaccess file.
# TIMTHUMB FORBID RFI and MISC FILE SKIP/BYPASS RULE
# Only Allow Internal File Requests From Your Website
# To Allow Additional Websites Access to a File Use [OR] as shown below.
# RewriteCond %{HTTP_REFERER} ^.*YourWebsite.com.* [OR]
# RewriteCond %{HTTP_REFERER} ^.*AnotherWebsite.com.*
RewriteCond %{QUERY_STRING} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC,OR]
RewriteCond %{THE_REQUEST} ^.*(http|https|ftp)(%3A|:)(%2F|/)(%2F|/)(w){0,3}.?(blogger|picasa|blogspot|tsunami|petapolitik|photobucket|imgur|imageshack|wordpress\.com|img\.youtube|tinypic\.com|upload\.wikimedia|kkc|start-thegame).*$ [NC]
RewriteRule .* index.php [F,L]
RewriteCond %{REQUEST_URI} (example-tim-thumb-script\.php|timthumb\.php|phpthumb\.php|thumb\.php|thumbs\.php) [NC]
RewriteCond %{HTTP_REFERER} ^.*ait-pro.com.*
RewriteRule . - [S=1]
Plugin Author
AITpro
(@aitpro)
Did you add your TimThumb file name to the Whitelist condition? Is this issue resolved? If so, please resolve this Thread. Thank you.
Thread Starter
oimgg
(@oimgg)
Hi,
Thanks a lot.
Not tested yet because I reinstalled WP for another reason and I no longer have this problem now, BPS works well.
But this will be helpful for all users who have this problem!
Best
