Description
Balada Fix protects your site from unauthenticated abuse of specific WordPress REST API endpoints. Such endpoints (for example the tagDiv theme’s wp-json/tdw/save_css) are often targeted by the „Balada Injector“ and similar campaigns to inject malicious scripts.
- Add one or more REST path patterns in Settings → Balada Fix (one per line).
- Only logged-in administrators with the edit_theme_options capability can access those paths.
- Unauthenticated or unauthorized requests receive a 403 Forbidden response.
Default protected path: tdw/save_css (tagDiv / Newspaper theme vulnerability).
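The check described above can be sketched with WordPress's rest_pre_dispatch filter. This is an added example, not the plugin's own code: the example_* function names, the option key and the prefix-matching rule are assumptions made for illustration.

```php
<?php
/**
 * Illustrative sketch only; not Balada Fix's source code.
 * All example_* names and the option key are hypothetical.
 */

// Normalize one configured line so that "wp-json/tdw/save_css",
// "/tdw/save_css" and "tdw/save_css" all become "/tdw/save_css".
function example_normalize_rest_path( $line ) {
    $path = trim( trim( $line ), '/' );
    $path = preg_replace( '#^wp-json/#i', '', $path );
    return '/' . strtolower( $path );
}

// Read the blocked paths (one per line) from a hypothetical option.
function example_blocked_paths() {
    $raw   = get_option( 'example_blocked_rest_paths', 'tdw/save_css' );
    $lines = preg_split( '/\R/', (string) $raw, -1, PREG_SPLIT_NO_EMPTY );
    $paths = array_map( 'example_normalize_rest_path', $lines );
    // Drop blank lines: they normalize to "/" and would match every route.
    return array_unique( array_filter( $paths, function ( $p ) {
        return '/' !== $p;
    } ) );
}

// Runs after REST authentication and before the route callback, so the
// vulnerable handler is never reached. Matching on the route (not the URL)
// also covers requests sent as ?rest_route=/tdw/save_css.
add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    $route = strtolower( untrailingslashit( $request->get_route() ) );
    foreach ( example_blocked_paths() as $blocked ) {
        // Assumption: a configured path also covers its sub-routes.
        $hit = ( $route === $blocked ) || 0 === strpos( $route, $blocked . '/' );
        if ( $hit && ! current_user_can( 'edit_theme_options' ) ) {
            return new WP_Error(
                'rest_forbidden',
                'Forbidden',
                array( 'status' => 403 )
            );
        }
    }
    return $result; // Not a protected path, or the caller is authorized.
}, 10, 3 );
```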
Installation
- Upload the plugin files to /wp-content/plugins/balada-fix/, or install through WordPress Plugins → Add New → Upload.
- Activate the plugin through the Plugins screen.
- Go to Settings → Balada Fix to review or add blocked paths (one per line, e.g. wp-json/tdw/save_css or tdw/save_css).
FAQ

Which paths should I add?
Add the REST path that is known to be vulnerable and should only be used by admins. Example: tdw/save_css for the tagDiv Composer / Newspaper theme. You can use the full path like wp-json/tdw/save_css or the short form tdw/save_css.

Will this break my theme?
No. Legitimate use (when you are logged in as an administrator) continues to work. Only unauthenticated or non-admin access to the listed paths is blocked.
Contributors & Developers
"Balada Fix" is open source software.
Changelog
1.1.0
- Added Settings → Balada Fix page to configure blocked paths.
- Support for multiple paths (one per line).
- Default path: tdw/save_css.
1.0.0
- Initial release. Blocked unauthenticated access to tdw/save_css.