Skip to content

I No Longer Use TimThumb – Here’s What I do Instead

Last week there was a second exploit found in TimThumb. Thankfully it was no-where near as bad as the first one – but it raised an interesting question of whether TimThumb is even needed anymore.

TimThumb was made to be useful for any project – it was never meant to be WordPress specific – so there’s definitely still some interest in it from that perspective, but I don’t really care about that. I focus on WordPress – and is it needed there? I think no.

After the first exploit I kept using TimThumb on Binary Moon. I wanted to show that the fixes put in place were solid and nobody should worry (seems I was wrong), but after 6 months or so I decided to start using the WordPress post thumbnail functionality properly.

I had been slowly moving away from theme frameworks instead focusing on starter themes and using WordPress coding standards andbest practices. I wanted to do everything ‘the WordPress way’.

Using WordPress built in post thumbnail functionality is very straight forward. You register some image sizes, and then call a function to get the image html. However there are some issues with it:

Problems with WordPress Post Thumbnails

  1. The image sizes don’t act historically. You can add new image sizes easily but it doesn’t change old images.
  2. The images rely on using a featured image. If there’s no featured image then no thumbnail displays.
  3. It doesn’t use a cdn by default – and being wrapped in functions it’s harder to use a cdn.

Solutions for WordPress Post Thumbnail Problems

Over the years I’ve seen these problems and have worked out ways of solving them.

Image Sizes

I like the Regenerate Thumbnails plugin by ViperBond. It’s great for the times you want to resize images or change themes. It also works great locally which means I can test new themes I’m making more easily.

As an aside I also often make use of the css background-size:cover property which helps to keep things consistent and is great when doing responsive design.

No Featured Images

This can be an issue for sites that don’t have featured images historically, or just generally because people forget to add them or don’t realise you have to add them. I’ve blogged on Binary Moon for nearly 10 years now, and but featured images have only been around for half the time. With a few bits of code I can make sure that images will display if they are available.

All you have to do is add the following code to your themes functions.php

function bm_my_post_thumbnail_html( $html, $post_id, $thumbnail_id, $size = '' ) {

    if ( empty( $html ) ) {

        $values = get_children(
            array(
                'post_parent' => $post_id,
                'post_type' => 'attachment',
                'post_mime_type' => 'image',
                'order' => 'ASC',
                'orderby' => 'menu_order',
                'numberposts' => 1,
            )
        );

        if ( $values ) {
            foreach ( $values as $child_id => $attachment ) {
                $html = wp_get_attachment_image( $child_id, $size );
                break;
            }
        }

    }

    return $html;

}
add_filter( 'post_thumbnail_html', 'bm_my_post_thumbnail_html', 10, 4 );

Lack of CDN

If you’re a programmer then you can easily set up a filter to change the image url, or you can install one of the many caching plugins like W3 Total Cache that can be set to automatically upload your image and change the urls. All possible – but even the plugins require setting up the cdn/ s3 bucket – so not that easy for less technical users.

Jetpack & Photon – the Ultimate Image Solution

I know a lot of people don’t like Jetpack but I’m a big fan. I think there’s a lot to like about it, but today I just want to mention Photon. Photon serves 2 main purposes.

  1. It’s an image cdn (content delivery network)
  2. It resizes images seamlessly (historically and otherwise).

I should note that Photon is only usable if you use Jetpack. It’s against the terms of use for you to use it otherwise. Basically Photon solves almost all the same issues that TimThumb solves and as such it’s a very easy one stop shop for nice fast image resizing.

Interestingly the developer of the previously mentioned Regenerate Thumbnails WordPress plugin now recommends using Jetpack as well.

16 thoughts on “I No Longer Use TimThumb – Here’s What I do Instead Leave a comment

  1. Nice Post.

    Photon is really good, but it only handles images. KeyCDN offers 25GB CDN credit when you sign up, no credit card required, so take advantage of this offer.

    • That’s true – but since the majority of bloggers only need a cdn for images I don’t see how this is an issue. It’s free and super easy to setup – plus it resizes images. Other cdn providers may be better but they take more effort to setup and will likely require payment.

  2. I hadn’t heard of Jetpack until today, but it appears to be a suite of WordPress tools for WordPress sites.

    What about those of us who were looking into TimThumb for non-WordPress websites (ie, made from scratch)?

    What do you recommend for us?

    • To be honest I don’t have any recommendations. I only make WordPress powered sites so I’m afraid I don’t know much about other options available.

      • That’s a shame, I’ve been looking for a dynamic image resizing solution for regular (non-Wordpress) websites.

      • well TimThumb does still work – and it was inspired by a script called PHPThumb, I don’t know if that’s still available/ maintained – TimThumb was built to be a lot simpler to use but perhaps that will help

      • I’ll look PHPThumb up in a minute, thanks. Final question, is it possible for the server to serve custom sizes of images (like TimThumb) WITHOUT using a cache folder? In other words, can it do it without creating new physical files for every new size that’s needed, the very first time it’s needed? It wouldn’t be technically feasible, right?

        I heard rumblings that it was possible, but Google has yielded little evidence of it.

      • technically it’s possible however it’s not recommended since resizing images uses a lot of server resources and so is quite slow. If you have a lot of images to resize then it will slow down your server and reduce the amount of people who can visit your site at any one time.

      • Looks like PHPThumb was dormant for a while, but acc. to its changelog, development has started again. Thou of corpse it aint as straightforward to use as TimThumb.

        If demand is high, I might consider releasing my NON-WordPress-focused, PHP- and TimThumb-inspired thumbnail scripts. They are strictly focused on ImageMagick, thou.
        One is a very simple thumbnail script, the other does happy dimension juggling and image editing using montage. Been using the latter one for years to create simple background hover thumbnails (b/w to color). See it in action at my old site: http://old.usability-idealist.de/

        cu, w0lf.

  3. I never used Timthumb from the start, I find it hard to integrate on my themes. I use aqua resizer instead, it’s easier and cleaner, the author is the same of SMOF option framework.

    • Thanks for the feedback. I know there are other plugins so it’s nice to see one recommended. Personally I still think Jetpack with Photon is the best though – if only for the cdn functionality.

  4. For most small blogs, CDNs don’t matter much – just an extra layer of complexity. Timthumb was by far the most straight forward solution which I used on my personal blog where as in all others, you have to worry about one thing or another e.g. past image processing etc. After the exploit, I had to remove it and used image magick to convert all past images to appropriate sizes and then used WP Post Thumbnail plugin.

    I guess I had too much time on my hands! I wish this becomes far more simpler in future and then it is now!

    • Hi Rajat – if you use Jetpack and Photon then you don’t need to do anything. Just enable the plugin. It’s definitely the simplest solution IMO 🙂

  5. I used to use Amazon Cloudfront with Total Cache for a while. But since photon came around I have been using it without any issues.

    BTW the author of the Regenerate Thumbnails WordPress plugin (Viperbond) works for Automattic if you guys didn’t know already, hence the recommendation to use Jetpack. Most likely his code is used and enhanced in Jetpack 🙂 .

Leave a Reply

Your email address will not be published. Required fields are marked *