
TimThumb is No Longer Supported or Maintained


A long time ago – when making our first premium WordPress theme, Darren and I made TimThumb. TimThumb has been amazing – but it’s also not been without its share of problems.

In particular in 2010 there was a major security exploit found and it hurt a lot of websites, my own included. There are still people who are suffering because of it. I’ve felt incredibly guilty about this for years now, and so my enthusiasm for TimThumb has dropped to nothing.

Because of this lack of enthusiasm, and a fear of doing something else wrong, I have barely touched the code in years. In fact a couple of months ago I wrote about why I don’t use TimThumb (and what I do instead). If you’re a WordPress developer and still using TimThumb then you are ‘doing it wrong’. As such I am dropping all future support and maintenance for TimThumb.

To be honest this has been the situation for a while now, I’ve just not announced it before. If you want to use TimThumb then you do so at your own risk.

It feels a little sad to be writing this – but it’s also a huge weight off my mind. Now I can go back to making WordPress themes and video games in peace :).

10 thoughts on “TimThumb is No Longer Supported or Maintained”

  1. Sad news…

    We all know that software has bugs…
    If we use it from other people we must be responsible for it.

    My best regards!

  2. This has prompted me to review some of my own batches of code. I have some very old code which I have been “maintaining” due to users still wanting to use it. When a critical bug is found, I’d definitely fix it, but some of those old things are totally off my regular development radar since there are far better ways to do the same thing. Unfortunately, whenever I take the step of suggesting I drop support, I get lynched by a small minority of users who are obsessed with using my old out of date software. But when the developer doesn’t think it’s a good idea to use the software, then it is definitely time to move on.

    I will be pulling the curtain on a few of my projects in the next few months now. I think if a serious security flaw is found, I’d probably still fix them, but by announcing I’m officially dropping support, that will hopefully encourage people to migrate onto better systems.

    • I think it’s good to retire things that are old or no longer needed. In addition – if you maintain things indefinitely then eventually you’ll spend all your time maintaining and no time creating new, and better, things.

      If you tell people the software is no longer supported, and leave it open source, then people can continue to use it – with the knowledge that you won’t help if there’s a problem (at least that’s what I hope).

      At least I now have somewhere to point people to when they ask for help.

      • Thankfully, the old code I’m referring to is somewhat static and has never needed updating aside from a brief overhaul I did a few years ago. I get feature requests, but no bug requests and the code would still be compatible with WordPress many years in the future I think. I’m mostly concerned about people thinking it is representative of my current work or even simply using something they shouldn’t be (there are better ways of doing things now).

  3. TimThumb has been awesome for me! I’ve used it in a few standalone projects even in the past year and it’s saved me tons of time.

    Thank you for the years you put into this software. Thank you also for your advice on best practices moving forward. I read “why I don’t use TimThumb (and what I do instead)” and Photon looks very promising. Despite the changes that come, I’ll always have fond memories of this lightweight, versatile library.

    Thanks timthumb! Happy coding!

  4. This is really sad news. As I know it is fairly exhausting to administrate free software for a long time I can understand that you are sick of it.

    However there is no other tool like Timthumb. No, the current WordPress built-in functionalities cannot replace timthumbs’ possibilities for complex websites. And no, external services are not a solution for everybody.

    Heavily hope that somebody will have time and resources to continue this amazing piece of software in the future!

  5. Too bad hackers are winning this one… All code is buggy, all you can buy is time. Websites are depending heavily on their security settings and there are a lot of them. Thanks for sharing your code, remember that it was once top of the bill!

  6. Hi,

    You can start other projects by posting them to Github; most probably people can find existing problems and fix them, and you will be more secure.

    Do not be a coward because of h*ckers. Keep up the good job and be rich 😉

    • I don’t think I’m being a coward – I’m not stopping because of fear. I feel responsible for a lot of the problems with TimThumb – but the main reason I’m stopping is that there are better alternatives for WordPress available.

      If someone wants to take over the project and move it to Github – then they’re welcome to, it’s GPL after all. However that’s not something I have any desire to be involved with.
