Last week there was a second exploit found in TimThumb. Thankfully it was nowhere near as bad as the first one – but it raised an interesting question of whether TimThumb is even needed anymore.
TimThumb was made to be useful for any project – it was never meant to be WordPress specific – so there’s definitely still some interest in it from that perspective, but I don’t really care about that. I focus on WordPress – and is it needed there? I think no.
After the first exploit I kept using TimThumb on Binary Moon. I wanted to show that the fixes put in place were solid and nobody should worry (seems I was wrong), but after 6 months or so I decided to start using the WordPress post thumbnail functionality properly.
I had been slowly moving away from theme frameworks, instead focusing on starter themes and using WordPress coding standards and best practices. I wanted to do everything ‘the WordPress way’.
Using WordPress' built-in post thumbnail functionality is very straightforward. You register some image sizes, and then call a function to get the image HTML. However, there are some issues with it:
Problems with WordPress Post Thumbnails
- The image sizes aren’t applied retroactively. You can add new image sizes easily but it doesn’t change old images.
- The images rely on using a featured image. If there’s no featured image then no thumbnail displays.
- It doesn’t use a CDN by default – and being wrapped in functions it’s harder to use a CDN.
Solutions for WordPress Post Thumbnail Problems
Over the years I’ve seen these problems and have worked out ways of solving them.
Image Sizes
I like the Regenerate Thumbnails plugin by ViperBond. It’s great for the times you want to resize images or change themes. It also works great locally which means I can test new themes I’m making more easily.
As an aside, I also often make use of the CSS background-size: cover property, which helps to keep things consistent and is great when doing responsive design.
No Featured Images
This can be an issue for sites that don’t have featured images historically, or just generally because people forget to add them or don’t realise you have to add them. I’ve blogged on Binary Moon for nearly 10 years now, but featured images have only been around for half that time. With a few bits of code I can make sure that images will display if they are available.
All you have to do is add the following code to your theme’s functions.php:
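function bm_my_post_thumbnail_html( $html, $post_id, $thumbnail_id, $size = '' ) {
    // Only step in when the post has no featured image HTML.
    if ( empty( $html ) ) {
        // Find the first image attached to this post, in menu order.
        $values = get_children(
            array(
                'post_parent'    => $post_id,
                'post_type'      => 'attachment',
                'post_mime_type' => 'image',
                'order'          => 'ASC',
                'orderby'        => 'menu_order',
                'numberposts'    => 1,
            )
        );
        if ( $values ) {
            // get_children() keys the result by attachment ID; use the first entry.
            foreach ( $values as $child_id => $attachment ) {
                $html = wp_get_attachment_image( $child_id, $size );
                break;
            }
        }
    }
    return $html;
}
// Accept 4 arguments so the requested $size reaches the callback.
add_filter( 'post_thumbnail_html', 'bm_my_post_thumbnail_html', 10, 4 );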
Lack of CDN
If you’re a programmer then you can easily set up a filter to change the image URL, or you can install one of the many caching plugins like W3 Total Cache that can be set to automatically upload your images and change the URLs. All possible – but even the plugins require setting up the CDN/S3 bucket – so not that easy for less technical users.
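A sketch of the filter approach mentioned above, as an added example rather than code from the original post. BM_CDN_BASE and its host are hypothetical placeholders for a CDN that mirrors the site's uploads directory; the hooks and helper functions are WordPress core.

```php
// Hypothetical constant: the CDN base URL that mirrors wp-content/uploads.
if ( ! defined( 'BM_CDN_BASE' ) ) {
	define( 'BM_CDN_BASE', 'https://cdn.example.com/uploads' ); // placeholder host
}

/**
 * Swap the local uploads base URL for the CDN base.
 * Anything that does not start with the uploads base (external images,
 * theme assets, already rewritten URLs) is returned unchanged.
 */
function bm_cdn_rewrite_url( $url ) {
	static $base = null;
	if ( null === $base ) {
		$uploads = wp_get_upload_dir();
		$base    = $uploads['baseurl'];
	}
	// Require the trailing slash so a sibling path such as /uploads-old/ never matches.
	if ( is_string( $url ) && 0 === strpos( $url, $base . '/' ) ) {
		return untrailingslashit( BM_CDN_BASE ) . substr( $url, strlen( $base ) );
	}
	return $url;
}
// wp_get_attachment_image() derives its src from wp_get_attachment_url(),
// so this filter also covers post thumbnails.
add_filter( 'wp_get_attachment_url', 'bm_cdn_rewrite_url' );

/**
 * Responsive images: srcset candidates are built from the uploads base
 * directly, so each candidate URL has to be rewritten as well.
 */
function bm_cdn_rewrite_srcset( $sources ) {
	if ( is_array( $sources ) ) {
		foreach ( $sources as $width => $source ) {
			$sources[ $width ]['url'] = bm_cdn_rewrite_url( $source['url'] );
		}
	}
	return $sources;
}
add_filter( 'wp_calculate_image_srcset', 'bm_cdn_rewrite_srcset' );
```

This only changes the URLs WordPress prints; the files still have to be uploaded or pulled to the CDN separately.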
Jetpack & Photon – the Ultimate Image Solution
I know a lot of people don’t like Jetpack but I’m a big fan. I think there’s a lot to like about it, but today I just want to mention Photon. Photon serves 2 main purposes.
- It’s an image CDN (content delivery network)
- It resizes images seamlessly (historically and otherwise).
I should note that Photon is only usable if you use Jetpack. It’s against the terms of use for you to use it otherwise. Basically Photon solves almost all the same issues that TimThumb solves and as such it’s a very easy one-stop shop for nice fast image resizing.
Interestingly the developer of the previously mentioned Regenerate Thumbnails WordPress plugin now recommends using Jetpack as well.