16 thoughts on “TimThumb is No Longer Supported or Maintained”

  1. Sad news…

    We all know that software has bugs…
    If we use it from other people we must be responsible for it.

    My best regards!

  2. This has prompted me to review some of my own batches of code. I have some very old code which I have been “maintaining” due to users still wanting to use it. When a critical bug is found, I’d definitely fix it, but some of those old things are totally off my regular development radar since there are far better ways to do the same thing. Unfortunately, whenever I take the step of suggesting I drop support, I get lynched by a small minority of users who are obsessed with using my old out of date software. But when the developer doesn’t think it’s a good idea to use the software, then it is definitely time to move on.

    I will be pulling the curtain on a few of my projects in the next few months now. I think if a serious security flaw is found, I’d probably still fix them, but by announcing I’m officially dropping support, that will hopefully encourage people to migrate onto better systems.

    1. I think it’s good to retire things that are old or no longer needed. In addition – if you maintain things indefinitely then eventually you’ll spend all your time maintaining and no time creating new, and better, things.

      If you tell people the software is no longer supported, and leave it open source, then people can continue to use it – with the knowledge that you won’t help if there’s a problem (at least that’s what I hope).

      At least I now have somewhere to point people to when they ask for help.

      1. Thankfully, the old code I’m referring to is somewhat static and has never needed updating aside from a brief overhaul I did a few years ago. I get feature requests, but no bug requests and the code would still be compatible with WordPress many years in the future I think. I’m mostly concerned about people thinking it is representative of my current work or even simply using something they shouldn’t be (there are better ways of doing things now).

  3. TimThumb has been awesome for me! I’ve used it in a few standalone projects even in the past year and it’s saved me tons of time.

    Thank you for the years you put into this software. Thank you also for your advice on best practices moving forward. I read “why I don’t use TimThumb (and what I do instead)” and Photon looks very promising. Despite the changes that come, I’ll always have fond memories of this lightweight, versatile library.

    Thanks timthumb! Happy coding!

  4. This is really sad news. As I know it is fairly exhausting to administrate free software for a long time, I can understand that you are sick of it.

    However there is no other tool like Timthumb. No, the current WordPress built-in functionalities cannot replace timthumbs’ possibilities for complex websites. And no, external services are not a solution for everybody.

    Heavily hope that somebody will have time and resources to continue this amazing piece of software in the future!

  5. Too bad hackers are winning this one… All code is buggy, all you can buy is time. Websites are depending heavily on their security settings and there are a lot of them. Thanks for sharing your code, remember that it was once top of the bill!

  6. Hi,

    You can start other projects posting them to Github, most probably people can find existing problems and fix them, you will be more secure.

    Do not be a coward because of h*ckers. Keep up the good job and be rich 😉

    1. I don’t think I’m being a coward – I’m not stopping because of fear. I feel responsible for a lot of the problems with TimThumb – but the main reason I’m stopping is that there’s better alternatives for WordPress available.

      If someone wants to take over the project and move it to Github – then they’re welcome to, it’s GPL after all. However that’s not something I have any desire to be involved with.

    1. I don’t know. As the post says, I no longer maintain it, and I don’t recommend anyone uses it.

      1. Personally I would advise against it. If they are going to maintain it then that’s up to them, but if a security issue is found in the version they are using then it’s up to them to fix it.

  7. Ya you made me lose thousands of dollars because of your …. blah blah blah…. there will always be issues, but I wanted to say what you did was amazing… back in the day… it was devs like you who did stuff for free and code became helpful and usable… thanks for all the fish, so long… however, don’t feel guilty, it was “out there” and nobody told you about the problem before the hackers got to it, anyway, I’m sure you’ve gone through the post mortem a hundred times or more…. the point of my comment was that I thank you, and command that you hold your head up and be full of heart knowing you did your best like a good boy scout, it was not your intention to hurt anyone…. innocence can sometimes be a hazard 🙂 All the best…..

    1. Thanks – very kind of you to say so 🙂

      Definitely tried, and learnt a lot from the experience.
