Description
Balada Fix protects your site from unauthenticated abuse of specific WordPress REST API endpoints. Such endpoints (for example the tagDiv theme’s wp-json/tdw/save_css) are often targeted by the « Balada Injector » and similar campaigns to inject malicious scripts.
- Add one or more REST path patterns in Settings Balada Fix (one per line).
- Only logged-in administrators with the
edit_theme_optionscapability can access those paths. - Unauthenticated or unauthorized requests receive a 403 Forbidden response.
Default protected path: tdw/save_css (tagDiv / Newspaper theme vulnerability).
Captures d’écran
Screenshot installed plugin
Installation
- Upload the plugin files to
/wp-content/plugins/balada-fix/, or install through WordPress Plugins Add New Upload. - Activate the plugin through the Plugins screen.
- Go to Settings Balada Fix to review or add blocked paths (one per line, e.g.
wp-json/tdw/save_cssortdw/save_css).
FAQ
-
Which paths should I add?
-
Add the REST path that is known to be vulnerable and should only be used by admins. Example:
tdw/save_cssfor the tagDiv Composer / Newspaper theme. You can use the full path likewp-json/tdw/save_cssor the short formtdw/save_css. -
Will this break my theme?
-
No. Legitimate use (when you are logged in as an administrator) continues to work. Only unauthenticated or non-admin access to the listed paths is blocked.
Contributeurs & développeurs
« Balada Fix » est un logiciel libre. Les personnes suivantes ont contribué à cette extension.
Contributeurs
Traduisez « Balada Fix » dans votre langue.
Le développement vous intéresse ?
Parcourir le code, consulter le SVN dépôt, ou s’inscrire au journal de développement par RSS.
Historique des changements
1.1.0
- Added Settings Balada Fix page to configure blocked paths.
- Support for multiple paths (one per line).
- Default path: tdw/save_css.
1.0.0
- Initial release. Blocked unauthenticated access to tdw/save_css.