Balada Fix

Balada Fix protects your site from unauthenticated abuse of specific WordPress REST API endpoints. Such endpoints (for example the tagDiv theme’s wp-json/tdw/save_css) are often targeted by the “Balada Injector” and similar campaigns to inject malicious scripts.

• Add one or more REST path patterns in Settings → Balada Fix (one per line).
• Only logged-in administrators with the edit_theme_options capability can access those paths.
• Unauthenticated or unauthorized requests receive a 403 Forbidden response.

Default protected path: tdw/save_css (tagDiv / Newspaper theme vulnerability).