diff --git a/inc/fun/core.php b/inc/fun/core.php
index 4d76305d..14ed5104 100755
--- a/inc/fun/core.php
+++ b/inc/fun/core.php
@@ -367,7 +367,7 @@ function pk_get_img_thumbnail_src($src, $width, $height, $args = array())
return $src;
}
if (pk_is_checked('thumbnail_rewrite_open')) {
- return home_url() . "/timthumb/w_{$width}/h_{$height}/q_90/zc_1/a_c/" . str_replace("=", "", base64_encode($src)) . ".png";
+ return home_url() . "/timthumb/w_{$width}/h_{$height}/q_90/zc_1/a_c/" . pk_safe_base64_encode($src) . ".png";
}
return PUOCK_ABS_URI . "/timthumb.php?w={$width}&h={$height}&a=c&zc=1&q=90&src=" . $src;
}
diff --git a/inc/fun/opt.php b/inc/fun/opt.php
index 297287cb..3c5dd21e 100755
--- a/inc/fun/opt.php
+++ b/inc/fun/opt.php
@@ -557,3 +557,18 @@ function pk_get_custom_seo()
{
return $GLOBALS['pk-seo'] ?? array();
}
+
+function pk_safe_base64_encode($string)
+{
+ $data = base64_encode($string);
+ return str_replace(array('+', '/', '='), array('-', '_', ''), $data);
+}
+
+function pk_safe_base64_decode($string){
+ $data = str_replace(array('-','_'),array('+','/'),$string);
+ $mod4 = strlen($data) % 4;
+ if ($mod4) {
+ $data .= substr('====', $mod4);
+ }
+ return base64_decode($data);
+}
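Review bot: pk_safe_base64_decode calls `base64_decode($data)` in non-strict mode, so input containing characters outside the base64 alphabet is silently accepted and decoded to garbage instead of being rejected; since the value arrives in a URL path, `return base64_decode($data, true);` would make malformed input return false so the caller can refuse it. The identical body is duplicated as the private static `safe_base64_decode` added to timthumb.php in this same commit, which should get the same flag (or call this function). Both new functions lack a docblock and type declarations; I'd add `/** URL-safe base64 variant: '+' -> '-', '/' -> '_', padding stripped. */` on the encoder, a matching note on the decoder that padding is restored before decoding, and `string $string` / `: string` (decoder `: string|false` once strict mode is on).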
diff --git a/inc/setting/options/OptionGlobal.php b/inc/setting/options/OptionGlobal.php
index 4b6f37d5..645cdae3 100644
--- a/inc/setting/options/OptionGlobal.php
+++ b/inc/setting/options/OptionGlobal.php
@@ -202,7 +202,7 @@ function get_fields(): array
'type' => 'switch',
'badge' => ['value' => 'New'],
'sdt' => false,
- 'tips' => "⚠️".__('若开启此选项,请自行手动在Nginx配置中添加伪静态规则', PUOCK).":rewrite ^/timthumb/w_([0-9]+)/h_([0-9]+)/q_([0-9]+)/zc_([0-9])/a_([a-z]+)/([0-9A-Za-z]+)\.([0-9a-z]+)$ /wp-content/themes/" . get_template() . "/timthumb.php?w=$1&h=$2&q=$3&zc=$4&a=$5&src=$6;
"
+ 'tips' => "⚠️".__('若开启此选项,请自行手动在Nginx配置中添加伪静态规则', PUOCK).":rewrite ^/timthumb/w_([0-9]+)/h_([0-9]+)/q_([0-9]+)/zc_([0-9])/a_([a-z]+)/([0-9A-Za-z_\-]+)\.([0-9a-z]+)$ /wp-content/themes/" . get_template() . "/timthumb.php?w=$1&h=$2&q=$3&zc=$4&a=$5&src=$6;
"
],
[
'id' => 'thumbnail_allows',
diff --git a/timthumb.php b/timthumb.php
index 36ae3b26..f273e825 100755
--- a/timthumb.php
+++ b/timthumb.php
@@ -188,6 +188,15 @@ public static function start()
exit(0);
}
+ private static function safe_base64_decode($string){
+ $data = str_replace(array('-','_'),array('+','/'),$string);
+ $mod4 = strlen($data) % 4;
+ if ($mod4) {
+ $data .= substr('====', $mod4);
+ }
+ return base64_decode($data);
+ }
+
public function __construct()
{
global $ALLOWED_SITES;
@@ -218,8 +227,8 @@ public function __construct()
$this->myHost = preg_replace('/^www\./i', '', $_SERVER['HTTP_HOST']);
$this->src = $this->param('src');
- if(filter_var($this->src, FILTER_VALIDATE_URL) === false){
- $this->src = base64_decode($this->src);
+ if(strpos($this->src,"http://")===false && strpos($this->src,"https://")===false){
+ $this->src = self::safe_base64_decode($this->src);
}
$this->url = parse_url($this->src);
$this->src = preg_replace('/https?:\/\/(?:www\.)?' . $this->myHost . '/i', '', $this->src);
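Review bot: The new condition on the `if` line tests whether `http://` or `https://` occurs anywhere in `src`, not whether it starts with it, and unlike the removed `filter_var(..., FILTER_VALIDATE_URL)` it no longer validates the decoded value at all — a non-URL `src` that merely contains `http://` skips decoding, and a decoded string that is not a URL reaches `parse_url` unchecked. A prefix test matches the intent: `if (!preg_match('#^https?://#i', $this->src)) {`. I'd also re-validate after decoding, e.g. `if ($this->src === false || filter_var($this->src, FILTER_VALIDATE_URL) === false) { /* reject request */ }`, so that the host/allowed-sites handling further down only ever sees a well-formed URL. The constructor continues outside the hunk, so a later check may already cover this.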