29 Responses

  1. Konstantinos Kouratoras
    Konstantinos Kouratoras November 28, 2012 at 12:22 | | Reply

    Thank you for this great plugin! But check the github link, it’s broken.

  2. Tim
    Tim November 28, 2012 at 13:40 | | Reply

    For now, the GitHub URL appears to be here:

    https://github.com/MatthewRuddy/Wordpress-Timthumb-alternative

    1. Matthew Ruddy
      Matthew Ruddy November 28, 2012 at 15:27 | | Reply

      Thanks. A Github frontpage has been created as well. See:

      http://matthewruddy.github.com/Wordpress-Timthumb-alternative

  3. Kevin Remisoski
    Kevin Remisoski November 28, 2012 at 14:36 | | Reply

    To my knowledge it’s been over a year since timthumb was last exploited and I haven’t seen any security issues listed on the timthumb google code page. With that being said, what would be the benefit of using a script that hasn’t been tested for exploits and is new as opposed to using a script that has been tested and patched?

    1. Matthew Ruddy
      Matthew Ruddy November 28, 2012 at 15:23 | | Reply

      Good question. The Timthumb vulnerability came from the ability to use images from external, untrusted sources. Only a select few ‘trusted’ sources were supposed to be allowed; flickr.com, blogger.com, but a particular section of code didn’t prevent a user from using a file from a domain such as ‘flickr.com.hacker.com’, etc. This gave them access.

      The function I’ve created loads the file locally as a resource before it starts the resizing. This requires the absolute path to the image, which obviously won’t work with an external image. The function will fail. You could also add a little snippet of code to the top of the function to check the current images domain against your WordPress sites domain, to be extra safe.

      That said, you are correct about Timthumb being pretty safe as of recent. However, hosts still send out vulnerability reports to users when even the most up to date version is used. I found this out the hard way when customers using Bluehost came flocking to me about an email they received saying Riva Slider used Timthumb and therefore they were at risk. The email said it has updated Timthumb to the most recent version for them, even though it was the same version as before!

      It may be safe at the moment, but the scare mongering still exists. I still often get asked if Riva Slider uses Timthumb before users purchase. When users who don’t fully understand the logistics of the previous vulnerability hear about the potential threat, they are hard to convince otherwise.

      Plus, some hosts blatantly block Timthumb. There can also be a lot of permission errors and 400 errors on various hosts. This function tends not to suffer from those issues. Put simply, if the ‘uploads’ directory has safely been created with the WordPress install, and you can upload to the Media Library fine, this function should work.

  4. Kill Hipsters
    Kill Hipsters December 10, 2012 at 06:00 | | Reply

    Just a minor annoyance, but the function name is too long. Did you really have to prefix the function with your first and last name? Why not, “better_image_resize” or “secure_image_resize” instead? Just feels silly and unnecessary is all using your name. Other than that, tested this and it works well, so thank you.

    1. Matthew Ruddy
      Matthew Ruddy December 10, 2012 at 10:52 | | Reply

      The long prefixed name makes sure it doesn’t collide with a function that may be called “image_resize”. Probably a bit much but better safe than sorry. Feel free to change it in your projects ;)

    2. Adam
      Adam January 20, 2013 at 06:28 | | Reply

      I agree, which is why I renamed this function to “mr_image_resize”, “mr” as in “mister” but which also happens to perfectly match his initials instead of the overly long function name.

  5. mbrem
    mbrem December 14, 2012 at 01:32 | | Reply

    Interesting issue since the release of WP 3.5, only the fist slide show in RSP displays. The others on the site endlessly load unless I uncheck ‘resize images’. Is this a unfortunate problem with 3.5 now?

    1. Matthew ruddy
      Matthew ruddy December 14, 2012 at 02:16 | | Reply

      Probably an error of some sort. 3.5 has been tested with 3.5 betas and appears to be working fine. Fire an email to info@matthewruddy.com and we can resolve it there :) probably something simple we can resolve quickly :)

  6. stefaan
    stefaan April 13, 2013 at 01:07 | | Reply

    and now the most stupid question of all, how do i use this php file ? :|

    1. Matthew Ruddy
      Matthew Ruddy April 13, 2013 at 17:34 | | Reply

      Include the file using PHP, then use the function as you would use any other function. Of course, you’ll need some PHP knowledge to do this.

  7. GhozyLab
    GhozyLab April 30, 2013 at 04:42 | | Reply

    Hi Matthew, Greate plugin!

    Can I use it for commercial wordpress plugins?

    1. Matthew Ruddy
      Matthew Ruddy April 30, 2013 at 13:10 | | Reply

      Sure, that’s no problem at all :)

  8. nev
    nev September 4, 2013 at 20:59 | | Reply

    It “saves the resized image in the WordPress uploads folder” … so this would be no good for use with my slider code – wouldn’t it create an image every time the page is loaded? I must be missing something..

    1. Matthew Ruddy
      Matthew Ruddy September 4, 2013 at 21:21 | | Reply

      Hi Nev – no, the image is resized then saved to the uploads folder on the first load. After that, the image is just loaded from uploads in the same way as any other image.

  9. JP
    JP September 14, 2013 at 07:51 | | Reply

    thanks Matthew, your function works fantastic. I was using vt_resize before but have opted for this instead.

    I was concerned at first when you mentioned that it saves the image to wp-content, because I don’t store my uploads in wp-content. I use Mark Jaquith’s WP-Skeleton, which puts the uploads folder outside the core wp directory, one level down.

    Fortunately, your function had the brains to figure this out. Thanks a lot.

    1. Matthew Ruddy
      Matthew Ruddy September 14, 2013 at 13:47 | | Reply

      That’s awesome! Great to hear :) It wasn’t intentional, but glad to hear it works for such situations.

  10. Laura C. Rodriguez
    Laura C. Rodriguez October 29, 2013 at 15:19 | | Reply

    It sounds great!
    So, how would I go to replace timthumb.php with this?
    Thanks!

  11. Rich
    Rich November 22, 2013 at 10:11 | | Reply

    If it supported caching .. it would be great.

    1. Matthew Ruddy
      Matthew Ruddy November 22, 2013 at 10:21 | | Reply

      Hi Rich, would there be a need for caching? The image is resized once then saved to wp-uploads, so from then onwards it’s used in the same way as all other WordPress uploads.

      1. Rich
        Rich November 22, 2013 at 16:20 | | Reply

        I didn’t realise it saved the resized images. If that is the case then great! I’ll have a play with it next week. Thanks for pointing this out.

      2. Rich
        Rich November 27, 2013 at 04:09 | | Reply

        I was testing this on a copy of another site and so my guid string for image (attachments) wasn’t correct which was making your script think that my images weren’t in the media library.

        After running a quick SQL script to change my guids to the actual site domain the resizing starting working properly. It’s really good. I like it a lot. Good job sir!

  12. Mark
    Mark December 5, 2013 at 09:26 | | Reply

    I tried to run this through a loop to generate and return the url of four images from a category using WP_Query but with no luck. Maybe I’m doing something wrong but I succeeded with timthumb. I’d like to succeed with this script as I like the idea of linking to an image rather than to a script generating an image.

    Any advice Matt? I can email you the loop that works with timthumb.

    Thanks.

Leave a Reply