As you probably know, WordPress is one of the most customisable CMSs available. With over 22,000 plugins, and thousands of themes, it may be a surprise that many of them rely on the same widely available open-source scripts.
So of course, when a vulnerability comes along affecting one of these scripts, we have major problems. You may have guessed it, but if not, I’m talking about Timthumb.
Timthumb is great. It has given us instant image resizing through an easy-to-use PHP script. So many themes and plugins rely on it. However, some vulnerabilities in the past have turned those very plugins and themes into a hacker’s paradise, creating gaping holes in the WordPress environments of unsuspecting users.
So why have we relied on it for so long? Simple: WordPress hasn’t provided us with anything better, or even remotely as good. As the developer of both the Easing Slider and Riva Slider plugins, I’ve always felt strongly about the lack of a proper image API within WordPress itself.
Thankfully, WordPress 3.5 will change this as an image API is (finally) being added. However, it still doesn’t provide us with a single-function successor to Timthumb.
As a developer, especially of a premium plugin, I felt it was my responsibility to explore every possibility in the hope of finding an alternative. I did come across a great function, vt_resize by Victor Teixeira, but extensive testing found that it wouldn’t upscale images, or crop in the same way Timthumb does. This wouldn’t cut it, and so I went out to create my own solution.
And now, after some brief testing, I’m here to release it for all to use freely with the simple goal of providing us all with a safe alternative to Timthumb. Use it in your themes, plugins, or however you like.
It resizes an image to the specified dimensions, saving the resized image in the WordPress uploads folder as per usual. This is great, because we can serve the user a static image, rather than a PHP script, which helps to speed things up a bit (and use fewer resources). It also supports the upcoming WordPress 3.5 update, for which a separate function is used (that utilizes the new image API), and has been tested with recent nightly builds.
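A sketch of the approach described above, as an added example and not the author's function or code from his GitHub page: it uses the WordPress 3.5 image API (`wp_get_image_editor`) to write a resized copy beside the original in the uploads folder and returns the static URL. The name `example_resize_upload` is hypothetical, the source is assumed to be an image already in the uploads folder, and unlike the author's function it does not upscale, since the stock `resize()` does not enlarge images.

```php
<?php
// Added example: hypothetical helper, not the author's function.
// Requires WordPress 3.5+ for wp_get_image_editor().
function example_resize_upload( $url, $width, $height, $crop = true ) {
    $uploads = wp_upload_dir();
    $width   = absint( $width );
    $height  = absint( $height );
    if ( ! $width || ! $height ) {
        return false;
    }

    // Accept only URLs under the uploads base URL; nothing is fetched remotely.
    if ( strpos( $url, $uploads['baseurl'] . '/' ) !== 0 ) {
        return false;
    }
    $relative = substr( $url, strlen( $uploads['baseurl'] ) );
    $base     = realpath( $uploads['basedir'] );
    $source   = realpath( $uploads['basedir'] . $relative );

    // realpath() collapses "../" and symlinks; the result must stay inside uploads.
    if ( ! $base || ! $source || strpos( $source, $base . DIRECTORY_SEPARATOR ) !== 0 ) {
        return false;
    }

    // Only write files with an image extension, never .php or similar.
    $info = pathinfo( $source );
    $ext  = isset( $info['extension'] ) ? strtolower( $info['extension'] ) : '';
    if ( ! in_array( $ext, array( 'jpg', 'jpeg', 'png', 'gif' ), true ) ) {
        return false;
    }

    // Deterministic name, so repeat requests reuse the static file.
    $dest = $info['dirname'] . '/' . $info['filename'] . "-{$width}x{$height}." . $ext;
    if ( ! file_exists( $dest ) ) {
        $editor = wp_get_image_editor( $source );
        if ( is_wp_error( $editor ) || is_wp_error( $editor->resize( $width, $height, $crop ) ) ) {
            return false;
        }
        if ( is_wp_error( $editor->save( $dest ) ) ) {
            return false;
        }
    }

    // The caller outputs a plain image URL; no PHP script sits in the request path.
    return dirname( $url ) . '/' . basename( $dest );
}
```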
I’ve created a GitHub page as well, so please have a look at it. Fork it, improve it, fix any bugs within it, and more importantly, tweet about it and tell your friends! It may take some time (and effort) before everyone becomes aware of it, but I feel it is important that we as a WordPress community do so.
Got some questions or feedback? Feel free to direct them to me on Twitter: @matthewruddycom or @rivaslider. Also, please download and follow the development of my two WordPress plugins. My heart, soul and livelihood have gone into the work I’ve been doing on them! Both will be receiving some major updates very soon that I know will really enhance their user experience. It has taken a long time, but it’s been worth it.