When timthumb.php returns a 404 Error in WordPress
We recently migrated some of our websites to a new VPS with Inmotion hosting. After the migration, everything went smooth (pretty much.. but as smooth as a server transfer can be), except one issue – all the timthumb.php scripts were not working well in WordPress, which meant that blog thumbnails were not generating.
So for example, the following URL returned a 404 error, and defaulted to WordPress’ 404 page:
This happened on this very blog (www.jeffkee.com) as well. So then I went to check other things out, and found out that other .php scripts that run from within the wp-content/themes/ folder were not working either! So, the problem was not just timthumb.php, but rather, all .php files within the folder. I tried restarting apache, and the server. No dice.
So I finally looked into the apache error logs, and bingo:
[Thu Feb 04 01:56:02 2010] [error] [client 174.6.169.139] SoftException in Application.cpp:610: Directory “/home/sonikas/public_html/wp-content” is writeable by others
[Thu Feb 04 01:56:02 2010] [error] [client 174.6.169.139] Premature end of script headers: timthumb.php
[Thu Feb 04 01:56:07 2010] [error] [client 174.6.169.139] SoftException in Application.cpp:610: Directory “/home/sonikas/public_html/wp-content” is writeable by others
[Thu Feb 04 01:56:07 2010] [error] [client 174.6.169.139] Premature end of script headers: test.php
So yes, some servers have more advanced PHP security set up, so that PHP files cannot run from within folders that are writable by others.
Many of us have the common (and bad) habit of setting the permission to 777 for folders that should be writable by our PHP applications. However this is not the case. It must be set to 755, in which the “group” and “others” users cannot write the folder.
The “Premature end of script headers” error happens when the script stops running before it outputs the content type headers and dates etc. In any file served through a browser, the content type and other items are defined even before the first string of the file (for example, <html>) are fed out. So when this failed, it returned a 404 error, which in turn triggered WordPress to default to the 404.php error page!
So the lesson here: instead of 777, let’s use 755 for folders that need to be modified/written by your PHP scripts.
I had help from a great guy at StackOverflow.com (username jsalonen). Without his guidance of the server error log locations I would not have figured this out anytime soon. Please see the original question at StackOverflow.com.
(No Ratings Yet)
Loading ...
Thanks Jeff, This sorted it out for me!
Hi Jeff, sadly this didn’t work for me.
I too am getting 404 error messages when I try to access timthumb.php, or really, any php file on my server. WordPress keeps throwing 404 error messages even when I try to access files in my WordPress root folder, such as http://mydomain.com/header.php or http://mydomain.com/footer.php.
It seems like WordPress does not want to process any URLs typed directly, but works fine otherwise when I go through my blog to pages, categories and posts. But accessing .php files directly throws a 404 error.
Any ideas? Thanks.
Getting into the raw Apache error logs is the best way to diagnose this. Is this happening even within the root folder? Cause if that’s the case you may have a different problem than me…
I just setup wordpress on a dedicated WIN2003 server, was having a lot of the same access rights issues. Glad to see you got them figured out.
Hi Jeff!
I’m from Italy and I was looking for a site like yours. I’m using form my Blog the same theme: Arthemia. I’m having a really bad issue with Facebook Share not showing any Thumbnail when someone shares a Post! I tried sharing one of yours and I’ve noticed that prewiew shows perfectly! Could you please tell me how did you fix the problem?
I’d really appreciate that!
I had a customer that migrated from a Plesk powered server to my cPanel based one.
This article saved their blog, as no thumbs were showing on their either, after migration.
Thank you.
I cannot thank you enough!
Makes perfect sense – thanks for posting this fix. Helped me get our issue resolved quickly.
I also have 404 errors but cannot find the cause. I have nothing in my error log.
I am having 404 errors as well WordPress 3.01. File permissions checked, no errors in Apache, GD verified, no mod_secure problems, scripts are allowed to run. Rather frustrated, wondering if I can replace timthumb with something else.
Could this be an issue with 3.0 and higher?
Thanks, I have spend many hours just to know why I cannot access my timthumb. All picture are gone and I cannot access each php file in my themes.
The problem fixed when I change permission of my wp-content folder. This is very useful tips.
Can’t thank you enough! Days of frustration has been replaced with a great sigh of relief! Solved my issue after moving multiple clients over to a new host.
Thanks again!
LIFE SAVER!!
thanks loads!!
Thanks for this – I’m so glad I decided to try Googling exactly what was going wrong.
Helped me out as well… gracias!
Thanks, this info really helped me out. In fact, I had to change the rights to 755 up the folder hierarchy and not just in the theme folder. Someone had set rights to wp-content to 777 and propagated down to all subfolders but the server security prevented timthumb.php from running.
Glad it helped – it’s one of those mind bogglers. However in terms of security, most servers have this restriction and I’m totally OK with it – it’s better for the long term.
This worked for me too!
ALL parents of timthumb.php need to have 755 permissions.
You are the MAN. I spent *hours* fiddling with WP/htaccess trying to figure out why I couldn’t get PHP files to run. This totally worked. Thank you SO much.
Thank you very much. I try to fix this issue many time but couldn’t sort it out until I read your post. I just switch from 777 to 755 and all work!. Simple is that. Big Thanks again