We are turning on a new detection application that will scan your WordPress install for insecure versions of the TimThumb script.

Why, you ask? Because we’ve found that blogs running older versions of TimThumb are more susceptible to malware injections than blogs running at least version 2.8 of TimThumb.

What are we doing about it? We scan the files in your installation (themes, plugins, etc.) regularly. If we find an older, vulnerable version of TimThumb in your WordPress install, we replace it with the most recent version available, found here, and send you an email.
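A site owner can run the same kind of check locally. The sketch below is an added example, not the scanner described in this post: it walks a directory tree, reads the version each TimThumb copy declares, and reports copies older than 2.8. It assumes the script declares its version as define('VERSION', '...') and ships as timthumb.php or thumb.php; the sample tree in demo() is constructed.

```python
import os
import re
import tempfile

# Assumption: the script declares its version as define('VERSION', 'x.y.z').
VERSION_RE = re.compile(r"define\s*\(\s*['\"]VERSION['\"]\s*,\s*['\"]([0-9.]+)['\"]")
MIN_SAFE = (2, 8)  # threshold stated on the page: "at least version 2.8"
NAMES = {"timthumb.php", "thumb.php"}  # assumption: file names themes ship it under


def parse_version(text):
    """Return the declared version as a tuple of ints, or None if absent."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.group(1).split(".") if p) if m else None


def scan(root):
    """Return sorted [(relative_path, version)] for copies older than MIN_SAFE.

    A copy with no parsable version is reported too, with version None.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() not in NAMES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                head = fh.read(65536)
            if "timthumb" not in head.lower():
                continue  # same file name, different script
            version = parse_version(head)
            if version is None or version < MIN_SAFE:
                findings.append((os.path.relpath(path, root), version))
    return sorted(findings, key=lambda f: f[0])


def demo():
    """Scan a constructed wp-content tree (sample data, not real themes)."""
    samples = {
        "themes/old/timthumb.php": "<?php /* TimThumb */ define ('VERSION', '1.26');",
        "themes/new/timthumb.php": "<?php /* TimThumb */ define ('VERSION', '2.8.14');",
        "plugins/gallery/thumb.php": "<?php /* timthumb */ define('VERSION', '2.7');",
        "plugins/other/thumb.php": "<?php // unrelated thumbnail helper",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan(root)
```

Point scan() at your own wp-content directory to list the copies that need updating; a result with version None means the file mentions TimThumb but declares no version and should be inspected by hand.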

This helps make the world a safer place.

What about my ALLOWED_SITES configuration?
My custom configurations got blown away. Try defining ALLOW_ALL_EXTERNAL_SITES to TRUE outside of the actual timthumb script. Following the TimThumb instructions, this is done in a file called timthumb-config.php in the same directory as the timthumb script. The script looks there for config options.

1) Create a file called timthumb-config.php in the same directory as the timthumb script.
2) In that file, define ALLOW_ALL_EXTERNAL_SITES as true.
3) Create an ALLOWED_SITES array and populate it with your customized list of sites, like this:

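<?php
// timthumb-config.php: lives next to the timthumb script, so it is kept when the script is replaced
$ALLOWED_SITES = array (
    'flickr.com',
    'staticflickr.com',
    'picasa.com',
    'img.youtube.com',
    'upload.wikimedia.org',
    'photobucket.com',
    'imgur.com',
    'imageshack.us',
    'tinypic.com',
    'last.fm'
);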