I have TimThumb running on a WordPress site, and the only way I can get it to work is with the timthumb directory permissions set to 777. I don't like doing this, though. Where I've had to use 777 permissions before, I've put a .htaccess file in the directory to stop scripts running inside that directory, but obviously I won't be able to do this inside the timthumb directory. Does anyone know a way of allowing TimThumb to work without having to use 777?
1 Answer
TimThumb requires write access to a particular folder
(I can't recall which one right now, but I'm looking it up).
You don't have to 777 the whole directory, just that particular folder.
Also, I believe 660 may be adequate for this folder (read/write).
It's also worth looking at this: http://wordpress.org/extend/plugins/timthumb-vulnerability-scanner/
There was an exploit on a previous version of TimThumb that this plugin aims to scan for.

Alex
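
Added example, not part of the original question or answer: shell functions that combine the two ideas in this thread, tightening only the folder TimThumb writes to instead of leaving it at 777, and putting the .htaccess script block in that folder rather than in the timthumb directory itself. The folder path and group name are placeholders (the answer does not name the folder), and the .htaccess syntax assumes Apache 2.4 with AllowOverride enabled.

```shell
#!/bin/sh
# Added example: the folder path and the optional group are placeholders,
# not values from the thread. Assumes Apache 2.4 ("Require all denied").
# Usage: harden_writable_dir /path/to/timthumb/<writable-folder> [group]

# List world-writable directories under $1, i.e. what chmod 777 leaves behind.
find_world_writable() {
    find "$1" -type d -perm -0002 -print
}

# Restrict one writable folder to owner and group, and stop Apache from
# serving script files out of it.
# $1 = folder TimThumb writes to, $2 = optional group of the web server user
harden_writable_dir() {
    hw_dir=$1
    hw_group=${2:-}
    if [ ! -d "$hw_dir" ]; then
        echo "not a directory: $hw_dir" >&2
        return 1
    fi
    if [ -n "$hw_group" ]; then
        chgrp "$hw_group" "$hw_dir" || return 1
    fi
    # rwx for owner and group, nothing for others. A directory needs the
    # x (search) bit before files can be created or opened inside it.
    chmod 770 "$hw_dir" || return 1
    # Files already in the folder: read/write for owner and group only.
    find "$hw_dir" -type f ! -name .htaccess -exec chmod 660 {} + || return 1
    # Deny requests for script files in this folder.
    cat > "$hw_dir/.htaccess" <<'EOF'
<FilesMatch "\.(php[0-9]?|phtml|phar|pl|py|cgi)$">
    Require all denied
</FilesMatch>
EOF
    chmod 640 "$hw_dir/.htaccess"
}
```

Because the web server user can write to the folder, it can also replace this .htaccess; placing the same FilesMatch rule in a `<Directory>` block in the server configuration avoids that.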