I No Longer Use TimThumb – Here’s What I do Instead

Last week there was a second exploit found in TimThumb. Thankfully it was nowhere near as bad as the first one – but it raised an interesting question of whether TimThumb is even needed anymore.

TimThumb was made to be useful for any project – it was never meant to be WordPress specific – so there’s definitely still some interest in it from that perspective, but I don’t really care about that. I focus on WordPress – and is it needed there? I think no.

After the first exploit I kept using TimThumb on Binary Moon. I wanted to show that the fixes put in place were solid and nobody should worry (seems I was wrong), but after 6 months or so I decided to start using the WordPress post thumbnail functionality properly.

I had been slowly moving away from theme frameworks, instead focusing on starter themes and using WordPress coding standards and best practices. I wanted to do everything ‘the WordPress way’.

Using WordPress’s built-in post thumbnail functionality is very straightforward. You register some image sizes, and then call a function to get the image HTML. However, there are some issues with it:

Problems with WordPress Post Thumbnails

  1. The image sizes don’t act historically. You can add new image sizes easily but it doesn’t change old images.
  2. The images rely on using a featured image. If there’s no featured image then no thumbnail displays.
  3. It doesn’t use a CDN by default – and because it’s wrapped in functions, it’s harder to use a CDN.

Solutions for WordPress Post Thumbnail Problems

Over the years I’ve seen these problems and have worked out ways of solving them.

Image Sizes

I like the Regenerate Thumbnails plugin by ViperBond. It’s great for the times you want to resize images or change themes. It also works great locally which means I can test new themes I’m making more easily.

As an aside, I also often make use of the CSS background-size: cover property, which helps to keep things consistent and is great when doing responsive design.

Relying on a featured image can be an issue for sites that don’t have featured images historically, or just generally because people forget to add them or don’t realise you have to add them. I’ve blogged on Binary Moon for nearly 10 years now, but featured images have only been around for half the time. With a few bits of code I can make sure that images will display if they are available.

All you have to do is add the following code to your theme’s functions.php:

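/**
 * Fall back to the first image attached to the post when no featured
 * image is set (the thumbnail HTML arrives empty in that case).
 */
function bm_my_post_thumbnail_html( $html, $post_id, $thumbnail_id, $size = '' ) {

    if ( empty( $html ) ) {

        // Fetch the first image attachment of this post, in menu order.
        $values = get_children(
            array(
                'post_parent' => $post_id,
                'post_type' => 'attachment',
                'post_mime_type' => 'image',
                'order' => 'ASC',
                'orderby' => 'menu_order',
                'numberposts' => 1,
            )
        );

        if ( $values ) {
            // get_children() returns an array keyed by attachment ID.
            foreach ( $values as $child_id => $attachment ) {
                $html = wp_get_attachment_image( $child_id, $size );
                break;
            }
        }

    }

    return $html;

}
// Priority 10; the callback accepts the first four filter arguments.
add_filter( 'post_thumbnail_html', 'bm_my_post_thumbnail_html', 10, 4 );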

Lack of CDN

If you’re a programmer then you can easily set up a filter to change the image URL, or you can install one of the many caching plugins like W3 Total Cache that can be set to automatically upload your images and change the URLs. All possible – but even the plugins require setting up the CDN/S3 bucket – so not that easy for less technical users.
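One way to write the filter mentioned above, as an added example that is not code from the original post. The `bm_cdn_*` function names and `BM_CDN_HOST` are hypothetical, `cdn.example.com` is a placeholder, and the CDN is assumed to pull files from the site under the same path as the uploads directory.

```php
<?php
// Added example, not from the original post. The bm_cdn_* names and
// BM_CDN_HOST are hypothetical; cdn.example.com is a placeholder.
define( 'BM_CDN_HOST', 'cdn.example.com' );

/**
 * Point a URL at the CDN only if it lives under this site's uploads
 * directory. Anything else (external images, already rewritten URLs)
 * is returned unchanged, so the filter is safe to run more than once.
 */
function bm_cdn_rewrite_url( $url ) {
    $uploads = wp_upload_dir();
    $base    = trailingslashit( $uploads['baseurl'] );

    if ( ! is_string( $url ) || 0 !== strpos( $url, $base ) ) {
        return $url;
    }

    // Keep the uploads path, swap scheme and host for the CDN over HTTPS.
    $path = wp_parse_url( $base, PHP_URL_PATH );
    return 'https://' . BM_CDN_HOST . $path . substr( $url, strlen( $base ) );
}
add_filter( 'wp_get_attachment_url', 'bm_cdn_rewrite_url' );

/**
 * Responsive srcset URLs are built separately from the uploads base URL,
 * so they need the same rewrite.
 */
function bm_cdn_rewrite_srcset( $sources ) {
    if ( ! is_array( $sources ) ) {
        return $sources;
    }
    foreach ( $sources as $width => $source ) {
        $sources[ $width ]['url'] = bm_cdn_rewrite_url( $source['url'] );
    }
    return $sources;
}
add_filter( 'wp_calculate_image_srcset', 'bm_cdn_rewrite_srcset' );
```

Because the rewrite only matches URLs that start with the site's own uploads base URL, images hosted elsewhere are never redirected to the CDN host.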

Jetpack & Photon – the Ultimate Image Solution

I know a lot of people don’t like Jetpack but I’m a big fan. I think there’s a lot to like about it, but today I just want to mention Photon. Photon serves 2 main purposes.

  1. It’s an image CDN (content delivery network)
  2. It resizes images seamlessly (historically and otherwise).

I should note that Photon is only usable if you use Jetpack. It’s against the terms of use for you to use it otherwise. Basically, Photon solves almost all the same issues that TimThumb solves, and as such it’s a very easy one-stop shop for nice fast image resizing.

Interestingly the developer of the previously mentioned Regenerate Thumbnails WordPress plugin now recommends using Jetpack as well.
