Linux 软件免费装

Balada Fix

开发者
更新时间	2026年3月26日 19:00
PHP版本:	7.2 及以上
WordPress版本:	6.9
版权:	GPLv2 or later
版权网址:	版权信息

下载

1.1.0

详情介绍:

Balada Fix protects your site from unauthenticated abuse of specific WordPress REST API endpoints. Such endpoints (for example the tagDiv theme's wp-json/tdw/save_css) are often targeted by the "Balada Injector" and similar campaigns to inject malicious scripts.

Add one or more REST path patterns in Settings → Balada Fix (one per line).
Only logged-in administrators with the edit_theme_options capability can access those paths.
Unauthenticated or unauthorized requests receive a 403 Forbidden response.

Default protected path: tdw/save_css (tagDiv / Newspaper theme vulnerability).

安装:

Upload the plugin files to /wp-content/plugins/balada-fix/, or install through WordPress Plugins → Add New → Upload.
Activate the plugin through the Plugins screen.
Go to Settings → Balada Fix to review or add blocked paths (one per line, e.g. wp-json/tdw/save_css or tdw/save_css).

升级注意事项:

1.1.0 You can now add and edit blocked paths in Settings → Balada Fix (one per line).

常见问题:

Which paths should I add?

Add the REST path that is known to be vulnerable and should only be used by admins. Example: tdw/save_css for the tagDiv Composer / Newspaper theme. You can use the full path like wp-json/tdw/save_css or the short form tdw/save_css.

Will this break my theme?

No. Legitimate use (when you are logged in as an administrator) continues to work. Only unauthenticated or non-admin access to the listed paths is blocked.

更新日志: