Description
Balada Fix protects your site from unauthenticated abuse of specific WordPress REST API endpoints. Such endpoints (for example the tagDiv theme’s wp-json/tdw/save_css) are often targeted by the “Balada Injector” and similar campaigns to inject malicious scripts.
- Add one or more REST path patterns in Settings → Balada Fix (one per line).
- Only logged-in administrators with the `edit_theme_options` capability can access those paths.
- Unauthenticated or unauthorized requests receive a 403 Forbidden response.
Default protected path: tdw/save_css (tagDiv / Newspaper theme vulnerability).
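
A minimal sketch of how this kind of gate can be built on WordPress's `rest_pre_dispatch` filter, added here as an illustration and not taken from the Balada Fix source. The option name `example_blocked_rest_paths`, the `example_*` function names and the exact-or-prefix matching rule are assumptions.

```php
<?php
// Added illustration, not the plugin's own code.
// 'example_blocked_rest_paths' is a hypothetical option name.

/** Normalize "wp-json/tdw/save_css" or "/tdw/save_css/" to "tdw/save_css". */
function example_normalize_rest_path( $path ) {
    // REST route matching is case-insensitive, so compare in lowercase.
    $path = trim( strtolower( trim( (string) $path ) ), '/' );
    if ( strpos( $path, 'wp-json/' ) === 0 ) {
        $path = substr( $path, strlen( 'wp-json/' ) );
    }
    return trim( $path, '/' );
}

/** True when the route equals a blocked path or sits beneath it. */
function example_route_is_blocked( $route, array $blocked ) {
    $route = example_normalize_rest_path( $route );
    foreach ( $blocked as $line ) {
        $pattern = example_normalize_rest_path( $line );
        if ( $pattern === '' ) {
            continue; // skip blank lines from the settings textarea
        }
        if ( $route === $pattern || strpos( $route, $pattern . '/' ) === 0 ) {
            return true;
        }
    }
    return false;
}

add_filter( 'rest_pre_dispatch', function ( $result, $server, $request ) {
    $stored  = (string) get_option( 'example_blocked_rest_paths', 'tdw/save_css' );
    $blocked = preg_split( '/\R/', $stored ); // one path per line
    if ( ! example_route_is_blocked( $request->get_route(), $blocked ) ) {
        return $result; // not a protected path: leave the request alone
    }
    if ( is_user_logged_in() && current_user_can( 'edit_theme_options' ) ) {
        return $result; // authorized administrator: normal handling
    }
    // Everyone else is refused before the vulnerable handler runs.
    return new WP_Error(
        'rest_forbidden',
        'Access to this endpoint is restricted.',
        array( 'status' => 403 )
    );
}, 10, 3 );
```

Because the check runs on the resolved route, it applies to both `/wp-json/tdw/save_css` and the plain-permalink form `?rest_route=/tdw/save_css`.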
Installation
- Upload the plugin files to `/wp-content/plugins/balada-fix/`, or install through WordPress Plugins → Add New → Upload.
- Activate the plugin through the Plugins screen.
- Go to Settings → Balada Fix to review or add blocked paths (one per line, e.g. `wp-json/tdw/save_css` or `tdw/save_css`).
FAQ
- Which paths should I add?
  Add the REST path that is known to be vulnerable and should only be used by admins. Example: `tdw/save_css` for the tagDiv Composer / Newspaper theme. You can use the full path like `wp-json/tdw/save_css` or the short form `tdw/save_css`.
- Will this break my theme?
  No. Legitimate use (when you are logged in as an administrator) continues to work. Only unauthenticated or non-admin access to the listed paths is blocked.
Contributors & Developers
“Balada Fix” is open source software. The following people have contributed to this plugin.
Changelog
1.1.0
- Added Settings → Balada Fix page to configure blocked paths.
- Support for multiple paths (one per line).
- Default path: tdw/save_css.
1.0.0
- Initial release. Blocked unauthenticated access to tdw/save_css.