If you want to use Timthumb, you need to configure your setup properly.
Be sure to configure your folder permissions with the strictest permissions possible. If you are concerned, or are not confident in your server permission configuration, the safest solution is to disable timthumb, delete the timthumb directory, and simply pre-crop/size your thumbnails before uploading. That is the most server-efficient solution in any event.
Note that UberMenu’s timthumb script includes the patch for the security vulnerability discovered in 2011. However, you can always upgrade your timthumb script to the latest version if you wish.
While Timthumb is provided as a convenience, it is recommended that you simply upload properly sized images in the first place to maximize efficiency.
Configure server directory
- To set up TimThumb you will need to make the
- If you can, set the owner of the directory to your server’s username. For example, on Ubuntu you would run:
sudo chown www-data -R wp-content/plugins/ubermenu/standard/timthumb
(If you are using shared hosting, you should ask your host to advise you on timthumb best practices to avoid security issues.)
- If not, you can set the permissions of the
Please note that while 775 is the timthumb-recommended setting, a more secure permission setting is 755, and if your timthumb works at this setting, it is recommended. Also, depending on how your server security is set up, some servers will not allow timthumb to run when permissions are 775. The solution is to change them to 755.
- Otherwise, see this site for installation instructions
- Note that use of Timthumb is not necessary, and that some hosts do not allow you to run the script.
- Navigate to the UberMenu Control Panel > Images
- Enable Resize Images
- Set your preferred image width and height
- Enable Use Timthumb
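The permission advice above (755 preferred over 775) can be checked with a short script. This is an added example, not part of UberMenu or TimThumb: the function name audit_timthumb_dir is hypothetical, and the default path is the one from the chown command above, relative to the WordPress root.

```shell
#!/bin/sh
# Added example: audit the timthumb directory against the 755-vs-775 advice.
# Usage (after sourcing this file): audit_timthumb_dir [path]
#
# Return codes:
#   0  nothing is group- or world-writable (755 or stricter)
#   1  something is group-writable (775-style)
#   2  something is world-writable (777-style)
#   3  the directory does not exist
audit_timthumb_dir() {
    # Default path taken from the chown command on this page.
    dir=${1:-wp-content/plugins/ubermenu/standard/timthumb}
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 3
    fi

    # Symlink modes are not meaningful (777 on Linux), so skip them.
    world=$(find "$dir" ! -type l -perm -0002 -print)
    group=$(find "$dir" ! -type l -perm -0020 -print)

    if [ -n "$world" ]; then
        echo "WORLD-WRITABLE (any local account can write here):"
        echo "$world"
        return 2
    fi
    if [ -n "$group" ]; then
        echo "group-writable (775-style); try 755 if timthumb still works:"
        echo "$group"
        return 1
    fi
    echo "OK: no group- or world-writable entries under $dir"
    return 0
}
```

A non-zero result lists the offending paths, so you can tighten only those entries and re-test thumbnail generation afterwards.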