When timthumb.php returns a 404 Error in WordPress

Written By Thursday, February 4, 2010 29 No tags Permalink 0

We recently migrated some of our websites to a new VPS with Inmotion hosting. After the migration, everything went smooth (pretty much.. but as smooth as a server transfer can be), except one issue – all the timthumb.php scripts were not working well in WordPress, which meant that blog thumbnails were not generating.

So for example, the following URL returned a 404 error, and defaulted to WordPress’ 404 page:

http://www.sonikastudios.com/wp-content/themes/sonikas/scripts/timthumb.php?src=/wp-content/uploads/DSC01426-600×337.jpg&w=100&h=100&zc=1&q=100

This happened on this very blog (www.jeffkee.com) as well. So then I went to check other things out, and found out that other .php scripts that run from within the wp-content/themes/ folder were not working either! So, the problem was not just timthumb.php, but rather, all .php files within the folder. I tried restarting apache, and the server. No dice.

So I finally looked into the apache error logs, and bingo:

[Thu Feb 04 01:56:02 2010] [error] [client 174.6.169.139] SoftException in Application.cpp:610: Directory “/home/sonikas/public_html/wp-content” is writeable by others
[Thu Feb 04 01:56:02 2010] [error] [client 174.6.169.139] Premature end of script headers: timthumb.php
[Thu Feb 04 01:56:07 2010] [error] [client 174.6.169.139] SoftException in Application.cpp:610: Directory “/home/sonikas/public_html/wp-content” is writeable by others
[Thu Feb 04 01:56:07 2010] [error] [client 174.6.169.139] Premature end of script headers: test.php

So yes, some servers have more advanced PHP security set up, so that PHP files cannot run from within folders that are writable by others.

Many of us have the common (and bad) habit of setting the permission to 777 for folders that should be writable by our PHP applications. However this is not the case. It must be set to 755, in which the “group” and “others” users cannot write the folder.

The “Premature end of script headers” error happens when the script stops running before it outputs the content type headers and dates etc. In any file served through a browser, the content type and other items are defined even before the first string of the file (for example, <html>) are fed out. So when this failed, it returned a 404 error, which in turn triggered WordPress to default to the 404.php error page!

So the lesson here: instead of 777, let’s use 755 for folders that need to be modified/written by your PHP scripts.

I had help from a great guy at StackOverflow.com (username jsalonen). Without his guidance of the server error log locations I would not have figured this out anytime soon. Please see the original question at StackOverflow.com.

29 Comments
  • Jordan Brill
    February 4, 2010

    Thanks Jeff, This sorted it out for me!

  • bakhlawa
    February 24, 2010

    Hi Jeff, sadly this didn’t work for me.

    I too am getting 404 error messages when I try to access timthumb.php, or really, any php file on my server. WordPress keeps throwing 404 error messages even when I try to access files in my WordPress root folder, such as http://mydomain.com/header.php or http://mydomain.com/footer.php.

    It seems like WordPress does not want to process any URLs typed directly, but works fine otherwise when I go through my blog to pages, categories and posts. But accessing .php files directly throws a 404 error.

    Any ideas? Thanks.

  • Jeff Kee
    February 24, 2010

    Getting into the raw Apache error logs is the best way to diagnose this. Is this happening even within the root folder? Cause if that’s the case you may have a different problem than me…

  • Natron Parvo Info
    March 17, 2010

    I just setup wordpress on a dedicated WIN2003 server, was having a lot of the same access rights issues. Glad to see you got them figured out.

  • Manuel
    June 13, 2010

    Hi Jeff!

    I’m from Italy and I was looking for a site like yours. I’m using form my Blog the same theme: Arthemia. I’m having a really bad issue with Facebook Share not showing any Thumbnail when someone shares a Post! I tried sharing one of yours and I’ve noticed that prewiew shows perfectly! Could you please tell me how did you fix the problem?

    I’d really appreciate that!

  • adspedia
    June 15, 2010

    I had a customer that migrated from a Plesk powered server to my cPanel based one.
    This article saved their blog, as no thumbs were showing on their either, after migration.
    Thank you.

  • John
    August 12, 2010

    I cannot thank you enough!

  • Ryan Simmons
    September 16, 2010

    Makes perfect sense – thanks for posting this fix. Helped me get our issue resolved quickly.

  • Joseph
    September 24, 2010

    I also have 404 errors but cannot find the cause. I have nothing in my error log.

  • Trinity
    September 30, 2010

    I am having 404 errors as well WordPress 3.01. File permissions checked, no errors in Apache, GD verified, no mod_secure problems, scripts are allowed to run. Rather frustrated, wondering if I can replace timthumb with something else.

    Could this be an issue with 3.0 and higher?

  • Lutvi Avandi
    October 6, 2010

    Thanks, I have spend many hours just to know why I cannot access my timthumb. All picture are gone and I cannot access each php file in my themes.

    The problem fixed when I change permission of my wp-content folder. This is very useful tips.

  • Matt J.
    April 7, 2011

    Can’t thank you enough! Days of frustration has been replaced with a great sigh of relief! Solved my issue after moving multiple clients over to a new host.

    Thanks again!

  • Dann
    May 15, 2011

    LIFE SAVER!!

    thanks loads!!

  • Matt
    May 19, 2011

    Thanks for this – I’m so glad I decided to try Googling exactly what was going wrong.

  • Stephen Orsini
    July 10, 2011

    Helped me out as well… gracias!

  • Rick Tuttle
    October 20, 2011

    Thanks, this info really helped me out. In fact, I had to change the rights to 755 up the folder hierarchy and not just in the theme folder. Someone had set rights to wp-content to 777 and propagated down to all subfolders but the server security prevented timthumb.php from running.

  • Jeff Kee
    October 26, 2011

    Glad it helped – it’s one of those mind bogglers. However in terms of security, most servers have this restriction and I’m totally OK with it – it’s better for the long term.

  • italiafirenze
    October 29, 2011

    This worked for me too!

    ALL parents of timthumb.php need to have 755 permissions.

  • Ken L
    April 17, 2012

    You are the MAN. I spent *hours* fiddling with WP/htaccess trying to figure out why I couldn’t get PHP files to run. This totally worked. Thank you SO much.

  • Samui wedding
    April 21, 2012

    Thank you very much. I try to fix this issue many time but couldn’t sort it out until I read your post. I just switch from 777 to 755 and all work!. Simple is that. Big Thanks again

  • Nizam
    September 21, 2012

    Thanks for the solution, after i changed wp-content permission to 755 it dosen’t worked for me. when i opened http://www.mydomain/wp-content/themename/timthumb.php i get the error

    Could note create the index.html file.Could note create cache clean timestamp file.No image specified

    it’s fine now after i clenad index.html and timestam file from the cache directory in my theme folder.

    thanks again

  • Jeff Kee
    September 21, 2012

    It could be that the timestamp file etc. were created by a user with a different permission level. Glad it worked either way! Timthumb is a very handy script. The newer version supports cross-domain support (with specific permission of course so people can’t rip off images or abuse it).

  • Mark vander Pal
    April 24, 2013

    For me the issue was resolved when I changed to relative paths instead of full paths to source images. This might be handy when changing hostnames during installation which was my case.

  • Jeff Kee
    April 24, 2013

    If it’s local, definitely use relative paths.

    However the newer versions of Timthumb allow you to referecne to 3rd party domains, provided that you add them to the safe list.. otherwise it coudl be abused in CMS systems where others have access to what goes in etc.

  • Dai Manuel
    April 26, 2013

    Dude! Great info! Thank you!

  • Jeff Kee
    April 26, 2013

    I benefited a LOT from good samaritans posting such solutions.. this was my chance to pay it back & pay it forward!

  • Joshua
    May 21, 2013

    Dude! U have no idea how this has helped me….:) thanks a bunch.

  • domain
    September 2, 2014

    First of all I want to say superb blog! I had a quick question which I’d like to ask if
    you don’t mind. I was interested to know how you center
    yourself and clear your thoughts before writing.
    I’ve had a tough time clearing my thoughts in getting my ideas out.
    I truly do enjoy writing but it just seems like the first 10 to 15
    minutes are lost simply just trying to figure out how to begin. Any recommendations or hints?
    Thanks!

  • experienced
    September 22, 2014

    Greetings! This is my first visit to your blog! We are a team
    of volunteers and starting a new initiative in a community in the same niche.
    Your blog provided us useful information to work on. You have done a outstanding job!

Leave a Reply

Your email address will not be published. Required fields are marked *