TimThumb with WordPress

Developers who have been in the WordPress community for many years are likely familiar with TimThumb. TimThumb is an image resizing script that many themes use or have used in the past. A theme calls the TimThumb PHP script file with the image dimensions specified at the end, and the script resizes the image dynamically, which is something that WordPress couldn’t do by default several years ago.

The TimThumb script is problematic though, in that it has experienced several security exploits over the years. With that in mind, the TimThumb developer has abandoned the script and is no longer patching or updating it. These days, WordPress itself has a better solution for thumbnails built in. Different image sizes are created when images are uploaded, and WordPress uses the Featured Image for each post to determine which image to use as a thumbnail. With this in mind, we highly recommend staying away from using TimThumb and instead using the features native to WordPress.


What if I need different thumbnail sizes?

No worries! You can create additional thumbnail sizes by extending the default functionality from WordPress using the add_image_size() function.

Keep in mind that adding a new image size will not automatically add thumbnails for existing images in your Media Library. If you have existing images in the library which need the new thumbnail size, you can use the Regenerate Thumbnails plugin to generate the thumbnails in the correct size and add them to your library.


What if my theme uses TimThumb?

As the TimThumb developer has abandoned the script, most theme developers have released new versions that work without TimThumb.

Check to see if your theme has an update available in the WordPress Admin Dashboard, or in your Premium Theme marketplace where it was purchased.

If there is not a new version available, consider reaching out to the theme developer to ask why they are using this and whether they are considering removing the TimThumb script.
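
To find out whether any installed theme or plugin still ships or calls TimThumb, the script below scans a wp-content directory. It is an added example, not WP Engine tooling. It assumes a script copy is named timthumb.php or declares `class timthumb`, and that templates call it as `timthumb.php?src=...`; the function names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: inventory TimThumb under a wp-content directory.

# List PHP files that look like copies of the TimThumb script.
# Assumption: a copy is named timthumb.php or declares "class timthumb";
# content is checked too because themes sometimes rename the file.
timthumb_scripts() {
    find "$1" -type f -name '*.php' | sort | while IFS= read -r f; do
        name=$(basename "$f" | tr '[:upper:]' '[:lower:]')
        if [ "$name" = "timthumb.php" ] ||
           grep -qi 'class[[:space:]]\{1,\}timthumb' "$f"; then
            echo "$f"
        fi
    done
}

# List templates that still request images as timthumb.php?src=...
# (assumed call pattern; a renamed script needs its own name here).
# These are the calls to replace with WordPress's native thumbnails.
timthumb_callers() {
    find "$1" -type f -name '*.php' \
        -exec grep -lE 'timthumb\.php\?src=' {} + | sort
}

# Build a small wp-content tree for a dry run (all content constructed).
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/themes/old-theme/inc" "$d/themes/new-theme"
    printf '<?php\nclass timthumb {}\n' > "$d/themes/old-theme/inc/thumb.php"
    printf '<?php\nclass timthumb {}\n' > "$d/themes/old-theme/timthumb.php"
    printf '<img src="<?php echo $u; ?>/timthumb.php?src=a.jpg&w=300">\n' \
        > "$d/themes/old-theme/index.php"
    printf '<?php the_post_thumbnail( "medium" ); ?>\n' \
        > "$d/themes/new-theme/index.php"
    echo "$d"
}

# Scan the directory given as the first argument, if any.
if [ -n "${1:-}" ]; then
    echo "TimThumb script copies:"; timthumb_scripts "$1"
    echo "Templates calling TimThumb:"; timthumb_callers "$1"
fi
```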


What if I need different image sizes to show on different devices?

WordPress now supports responsive images natively, using the srcset and sizes attributes for all images. This change happened in late 2015 when WordPress integrated with RICG Responsive Images to provide this support. This means WordPress is automatically ready to serve the right image size to the right device, without trying to decide this with a PHP script like TimThumb. Additionally, most themes on the market today are already “responsive” in that they show a more optimized style for mobile devices, providing a better experience for all users.


WP Engine automatically updates outdated TimThumb scripts to ensure you are running a secured version of TimThumb.

Since we routinely push out TimThumb updates (for security concerns), we overwrite the timthumb.php file, which overwrites a customer's configuration settings. If you do choose to use TimThumb, we encourage you to use a separate TimThumb configuration file.

timthumb.php = Script

timthumb-config.php = Configuration settings

