Description
Balada Fix protects your site from unauthenticated abuse of specific WordPress REST API endpoints. Such endpoints (for example the tagDiv theme’s wp-json/tdw/save_css) are often targeted by the “Balada Injector” and similar campaigns to inject malicious scripts.
- Add one or more REST path patterns in Settings → Balada Fix (one per line).
- Only logged-in administrators with the edit_theme_options capability can access those paths.
- Unauthenticated or unauthorized requests receive a 403 Forbidden response.
Default protected path: tdw/save_css (tagDiv / Newspaper theme vulnerability).
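The following is an added sketch of how a gate like the one described above can be built on WordPress's rest_pre_dispatch filter; it is not Balada Fix's own source. The option name example_protected_rest_paths, the example_* function names and the choice to also cover sub-routes beneath a listed path are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's code. Names prefixed "example_" are hypothetical.

/** Reduce "wp-json/tdw/save_css", "/tdw/save_css/" or "tdw/save_css" to "tdw/save_css". */
function example_normalize_rest_path( $path ) {
    // Compare in lower case so a differently-cased request cannot slip past the list.
    $path = trim( strtolower( trim( (string) $path ) ), '/' );
    if ( 0 === strpos( $path, 'wp-json/' ) ) {
        $path = substr( $path, strlen( 'wp-json/' ) );
    }
    return trim( $path, '/' );
}

/** True when the route equals a protected path or sits beneath it (assumed policy). */
function example_is_protected_route( $route, array $protected_lines ) {
    $route = example_normalize_rest_path( $route );
    foreach ( $protected_lines as $line ) {
        $protected = example_normalize_rest_path( $line );
        if ( '' === $protected ) {
            continue; // Ignore blank lines in the settings field.
        }
        // Match on a segment boundary: "tdw/save_css" must not match "tdw/save_css_other".
        if ( $route === $protected || 0 === strpos( $route, $protected . '/' ) ) {
            return true;
        }
    }
    return false;
}

add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    // One path per line, read from a hypothetical option; the default is the page's default.
    $stored = (string) get_option( 'example_protected_rest_paths', 'tdw/save_css' );
    $lines  = preg_split( '/\R/', $stored );

    if ( example_is_protected_route( $request->get_route(), $lines )
        && ! current_user_can( 'edit_theme_options' ) ) {
        // A WP_Error returned here short-circuits dispatch, so the endpoint callback never runs.
        return new WP_Error( 'rest_forbidden', 'Forbidden', array( 'status' => 403 ) );
    }
    return $result;
}, 10, 3 );
```

Because the check uses the parsed route from the request object, it applies equally to /wp-json/tdw/save_css and to the ?rest_route=/tdw/save_css form of the same endpoint.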
Installation
- Upload the plugin files to /wp-content/plugins/balada-fix/, or install through WordPress Plugins → Add New → Upload.
- Activate the plugin through the Plugins screen.
- Go to Settings → Balada Fix to review or add blocked paths (one per line, e.g. wp-json/tdw/save_css or tdw/save_css).
Frequently asked questions
Which paths should I add?
Add the REST path that is known to be vulnerable and should only be used by admins. Example: tdw/save_css for the tagDiv Composer / Newspaper theme. You can use the full path like wp-json/tdw/save_css or the short form tdw/save_css.
Will this break my theme?
No. Legitimate use (when you are logged in as an administrator) continues to work. Only unauthenticated or non-admin access to the listed paths is blocked.
Contributors and developers
“Balada Fix” is open-source software. The following people have contributed to this plugin.
Changelog
1.1.0
- Added Settings → Balada Fix page to configure blocked paths.
- Support for multiple paths (one per line).
- Default path: tdw/save_css.
1.0.0
- Initial release. Blocked unauthenticated access to tdw/save_css.