wpHakka – wp underground guerrilla

Category: wpHakka Threads

what if you got hacked ?

one day you might find an almost empty htaccess …

<IfModule mod_rewrite.c>
rewriteEngine Off
</IfModule>

what happened is, you got seriously hacked, your htaccess file was sabotaged, and seriously, at this point it doesn’t matter who did it, matters only getting your site back online ASAP, right?

you also just met then the oldest and filthiest wordpress vulnerability, which is, all plugins are democratically equipped with the right to edit ANY of your site files, configurations, db records, just everything and anything …

it also is, that you do not have hakka Orthrus installed … then it wouldn’t happen
our Orthrus has more then two heads, but specially one on the outside and another on the inside, it constantly watches anything what comes and goes, it also reacts instantly when there is any tempering attempt, it restores immediately the compromised files with the original working files.

soooo, bite me, I don’t bite back, I fix the damage silently and watch you trying do your shit and smile about you scratching your head …

24/11/2025 16:52 | htaccess RECOVERY OK | Altered .htaccess detected and recovered, suspicious file saved: .htaccess-incident-251124-165237
25/11/2025 23:53 | TARGET SITE DOWN | Redirect target is not responding correctly.
27/11/2025 03:52 | htaccess RECOVERY OK | Altered .htaccess detected and recovered, suspicious file saved: .htaccess-incident-251127-035255
28/11/2025 12:59 | TARGET SITE DOWN | Redirect target is not responding correctly.
29/11/2025 15:57 | TARGET SITE DOWN | Redirect target is not responding correctly.
30/11/2025 05:09 | htaccess RECOVERY OK | Altered .htaccess detected and recovered, suspicious file saved: .htaccess-incident-251130-050919
02/12/2025 11:36 | ACTIVATION FUPHP | Master functions.php-master created from current version.
02/12/2025 12:24 | ACTIVATION CIO | Master CIO File created from current version.
04/12/2025 01:39 | MASTER UPDATED | Master .htaccess file in place, hash in db.
04/12/2025 01:40 | MASTER UPDATED | Master functions.php file in place, hash in db.
04/12/2025 01:40 | htaccess REC. DENIED | master file is not the last verified version and now saved in incidents, upload a new file
04/12/2025 01:43 | FUPHP RECOVERY OK | Altered functions.php detected and recovered, suspicious file saved: functions.php-incident-251204-014309
04/12/2025 01:53 | htaccess RECOVERY OK | Altered .htaccess detected and recovered, suspicious file saved: .htaccess-incident-251204-015354
04/12/2025 15:58 | MASTER FUPHP UPDATED | Master functions.php file in place, hash in db.

05/01/2026
microsoft trying to be smart

by providing on their report site https://msrc.microsoft.com/report/ stupid forms to report incidents originated from their networks …

are those arrogants believe somebody reports 2000 or more incidents as single reports to their behalf? jeee … AI stupidity is catching up on everybody, big techs are living on mars already …

to whom it might concern, here is a little part for one IP which also shows how stupid they really are, timestamps are Brazil/East :

29/12/2025 08:48:19 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/images/index.php
29/12/2025 08:48:29 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-includes/Text/autoload_classmap.php/.well-known/acme-challenge/file.php
29/12/2025 08:48:36 | IP: 4.213.56.161 | T: wpHakka | Req: /.well-known/error.php
29/12/2025 08:48:40 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/css/colors/midnight/
29/12/2025 08:48:56 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/includes/about.php
29/12/2025 08:49:10 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/product.php
29/12/2025 08:49:28 | IP: 4.213.56.161 | T: wpHakka | Req: /.tmb/wp-login.php
29/12/2025 08:49:33 | IP: 4.213.56.161 | T: wpHakka | Req: /adminfuns.php/.well-known/acme-challenge/file.php
29/12/2025 08:49:44 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/classwithtostring.php
29/12/2025 08:49:49 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/css/colors/
29/12/2025 08:50:09 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/js/autoload_classmap.php
29/12/2025 08:50:12 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/js/
29/12/2025 08:50:13 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/maint/
29/12/2025 08:50:18 | IP: 4.213.56.161 | T: wpHakka | Req: /.well-known/
29/12/2025 08:50:23 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/network/admin.php
29/12/2025 08:50:24 | IP: 4.213.56.161 | T: wpHakka | Req: /admin.php/.well-known/acme-challenge/file.php
29/12/2025 08:50:35 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/classwithtostring.php/.well-known/acme-challenge/file.php
29/12/2025 08:50:53 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/css/colors/blue/
29/12/2025 08:50:54 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-includes/sitemaps/autoload_classmap.php/.well-known/acme-challenge/file.php
29/12/2025 08:50:58 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/includes/index.php
29/12/2025 08:51:06 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/css/about.php
29/12/2025 08:51:11 | IP: 4.213.56.161 | T: wpHakka | Req: /.tresh/index.php
29/12/2025 08:51:20 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/js/widgets/vx.php
29/12/2025 08:51:44 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/maint/index.php
29/12/2025 08:52:06 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/
29/12/2025 08:52:09 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/css/colors/about.php
29/12/2025 08:52:17 | IP: 4.213.56.161 | T: wpHakka | Req: /wp-admin/vx.php
29/12/2025 08:52:18 | IP: 4.213.56.161 | T: wpHakka | Req: /.well-known/gecko-litespeed.php
29/12/2025 08:52:30 | IP: 4.213.56.161 | T: wpHakka | Req: /.well-known/alfacgiapi/getdir.alfa

go back to sleep Gates … and stick your gecko-lightspeed elsewhere up …

31/12/2025
the wp cron misconcept

wp cron defies the real world’s cron concept, which is running tasks during low traffic time windows

the babble says that cron depends on site’s traffic or busy state, may run late and is not aboslutely wrong, but leads to false interpretation …

wp cron is, as any other wp function, always in a passive state waiting for a page load … and then and only then it might run

so the real description for how wp cron works is:
as long as your site is sleeping, wp cron is dead …

so now you know why your tasks are not running in a timely manner, wp cron became a marketing headline like WE HAVE IT!, but it isn’t a cron scheduler, it is the rowboat where the rowers are at lunch and the drummer takes his stroke seat after they are back … and then we hope the boat starts moving

shocked? don’t be, it’s wp …

how to manage the problem?

firstable you need to forget about how cron usually works, to get better scheduling you need to schedule in peak hours … sounds funny? and it is, actually it is absurd, but that is a way to get the work done

a better way is not to schedule periodically like every two hours, schedule the first run for “tomorrow 05:00” to avoid the immediate task trigger and if at the desired hour your site has traffic, then the chance is high that it runs as desired on time

still you’re a suspect to suffer the “no traffic syndrome” and your task may not run, so how to manage it?

at the end of your scheduled function you add some code to remove the now dead schedule, and reschedule for “tomorrow 05:00”

so that’s the best you can do, within wp, and assure that your task runs as expected every day at almost the same hour

if you need to be really sure then add somehow some page requests with curl or wget at the desired hour from an external site and you’re set, that is of course rediculous but should work to become the authority for your task …

being the plaster mason for a badly build wall is not satisfying, we know that and we have it already in the kitchen, more precisely it is already in the oven, we are finishing a unix cron timer api to stop the wp cron madness and to have a reliable source for running tasks on the hour and without trickery in low traffic hours

until then, keep calm and wp cron rescheduling it is

26/12/2025
what is AI really?

to say it right away, it is nothing else than Bill Gate’s WYSIWYG … a lie, an illusion, an empty promise … but it started a process and AI is completing the cycle, the general stupefaction of people … so if one day AI becomes the standard for intelligence, it happens only because there is no other anymore …

to start with, AI will never know about the real sense of the words, you can see that live when you ask AI to write a code snippet, the var names are just ridiculous and often totally disconnected from the issue

Ai also does not have any sense at all, it has no organs, no nerves, no eyes, no feelings, no blood, it misses the strongest basic human details which make the difference, knowing meaning and sense …

without knowing the meaning, without having knowledge of sense, no real reasoning is possible, that’s then the prove for absence of intelligence …

they tell you they teach AI all that, sure, but even knowing what hurts AI never will know how it feels, even if AI says oh, that hurts, or oh, sorry – the words are worthless, that’s like hitting a dead man, he can´’t feel it, you also can’t teach a wall anything, you can teach a computer to say ouch when somebody press the mouse button, as well as you can teach it to say fuck you, it doesn’t make a difference, the button, the mouse, the computer do not know what the words mean …

sorry for crashing your illusion … but that is what it is, and AI is nothing else than a kind of search machine, just like google, bing and others, putting on your plate what they have in the kitchen, and often, AI isn’t capabable of prepare a meal with all the ingredients it always has too much salt or sugar, AI has no senses

the decision about if what you get is good, is on you, you have to read it, you have to review all details and be capable of analyzing not only the product you got, but also what impact it might cause on your work and all related issues …

and now the real problem, AI has no conscience and no remorse, so if something goes wrong and you haven’t seen it – dear … youŕ e on your own, you can’t fire anybody or sue somebody for damages it caused you …

so better you keep trusting your own intelligence, even if it is low, at least it is real and doesn’t cheat you … and don’t fall for illusions, you’re always smarter than any AI

22/12/2025
historical december 19th

exactly a year ago we released Photo Projects, a real life media library substitute for that wordpress thing, with real folders and several usefull features

V-History
V-0: 19-12-24

the journey became an odissey through the wild and savage wordpress ocean

today we released the full working Metro Framework with our own privatge module repository, upgrade tracking and a full self-containing security system
today is 19-12-25 wpHakka’s Victory Day

kinda hard to describe it short enough, it is like they say in that movie, it’s nothing, but … it’s everything

the Metro Framework makes wordpress a better place, turns it into a managable place and most of all into a SECURE PLACE

there is the Metro Repo, completely breaking all wp plugin rules, indepentend and authoritative for all wpHakka Modules, providing a private repo for maintanance and upgrades and a perfect rollback option, which garanties zero downtime

the Metro Repo provides a central point of truth for all available modules, and on he client side the Hakka Control Center maintaines the UGF Registry for installed Modules

the most intuitive interface for the site admin to get an overview of installed modules and if there is any action or information available

site administration finally became as easy as a mouse click, no guessing, no worries, no doubts, click it and let it happen

soon the upgrade is installed a rollback option becomes available to do it instantly, another zero downtime advantage, may be you just didn’t liked a new css setting, rollback and report and we see how we can satisfy your needs – but bugs? well, nobody is perfect but we run each upgrade on our real lefe sites in order not to deliver unpleasant surprises

all module’s functionality got a slight performance improve, unleash has now a bot net protection embedded and uses a still better compression rate, Orthrus got better eyes and sees what’s coming before touching ground, security checks put it all together and prevents any bad plugin action, any essential files tampering attempts, and not to forget, provide the admin with info per email when necessary – but don’t lose your well deserved sleep, Security Checks and Orthrus save eventual legitimate changes for review, and keeps the site running until admin confirms the new settings

sounds alien but isn’t, who wants to nuke your site better does it locally with fire and flames on hardware level, because from the internet he might spend his time for nothing …

let the peace open your mind and become a relaxed sys admin, smiling all the time, like I do, I just don’t look like smiling, but I am :)

wpHakka’s Day, 2025, December 19th

19/12/2025
situação real CV – IA …

novos tempos reveladores …

assim que percebem que aqui produzimos código em vez de passar o dia falando sobre código, os fantásticos CVs feitos por IA nem aparecem para a entrevista pessoal …

desenvolvedores se revelam engenheiros em ferramentas wix e hostinger, programadores não conseguem escrever um loop em php com iteração entre dois valores sem consulta de google, pedindo montar uma chamada ajax com callback de sucesso a pessoa magicamente desaparece e fica o cheiro de solas de tênis queimadas na sala …

devo estar brincando? pior que não …

de repente, aqueles que pedem salários de 5 cifras não estã viajando, apenas coerentes no meio de fantasmas …

16/12/2025
CIO report …

those kiddy kackers do nothing really, they have nothing to do and pick patterns to scan web sites …

but it is also good to have an eye on them, to know who’s sniffing around, then you can decide if you block the source address or just notice it and keep tracking it

what hakka CIO does is not just logging, it silently redirects the false and suspicious requests, they do not even reach your wordpress site, the pseudo hackers do not see what happens, a real silent underground countermeasure for the wannabie attempts, the interception happens on lower level and is a life ensurance that your site works trouble free, it doesn’t get hit

the IP’s are real, the TZ is Brazil/East:
02/12/2025 21:09:54 | IP: 195.178.110.201 | T: Ensaios | Req: /.git/config 02/12/2025 21:09:58 | IP: 195.178.110.201 | T: Ensaios | Req: /backend/.env 02/12/2025 21:10:00 | IP: 195.178.110.201 | T: Ensaios | Req: /admin/.env 02/12/2025 21:10:00 | IP: 195.178.110.201 | T: Ensaios | Req: /core/.env 02/12/2025 21:10:01 | IP: 195.178.110.201 | T: Ensaios | Req: /.env.bak 02/12/2025 21:10:02 | IP: 195.178.110.201 | T: Ensaios | Req: /.git/logs/HEAD 02/12/2025 21:10:04 | IP: 195.178.110.201 | T: Ensaios | Req: /.gitlab-ci.yml 02/12/2025 21:16:02 | IP: 43.153.102.138 | T: wpHakka | Req: /wp-json/oembed/1.0/embed 02/12/2025 22:52:00 | IP: 91.224.92.150 | T: wpHakka | Req: /wp-admin/ 02/12/2025 23:26:51 | IP: 216.244.66.242 | T: Diarium | Req: /blog/aqyi-vamos-nos/feed/ 02/12/2025 23:46:43 | IP: 52.167.144.220 | T: wpHakka | Req: /reorganized-s-cache-user-interface/feed/ 03/12/2025 04:32:44 | IP: 124.156.179.141 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 03/12/2025 05:12:47 | IP: 101.32.49.171 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 03/12/2025 05:22:21 | IP: 43.130.3.120 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 03/12/2025 10:01:26 | IP: 57.141.0.62 | T: wpHakka | Req: /wp-json/oembed/1.0/embed 03/12/2025 10:32:46 | IP: 74.7.243.250 | T: wpHakka | Req: /wp-json/oembed/1.0/embed 03/12/2025 10:32:48 | IP: 74.7.243.250 | T: wpHakka | Req: /wp-json/oembed/1.0/embed 03/12/2025 10:33:01 | IP: 74.7.243.250 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 03/12/2025 10:33:03 | IP: 74.7.243.250 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 03/12/2025 10:33:04 | IP: 74.7.243.250 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 03/12/2025 10:33:05 | IP: 74.7.243.250 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 03/12/2025 10:33:06 | IP: 74.7.243.250 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 03/12/2025 10:33:07 | IP: 74.7.243.250 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 03/12/2025 11:08:54 | IP: 139.59.255.163 | T: wpHakka | Req: /wp-login.php 03/12/2025 11:08:56 | IP: 139.59.255.163 | T: wpHakka | Req: /wp-admin/ 03/12/2025 12:55:56 | IP: 216.244.66.242 | T: Diarium | Req: /blog/morrer-ou-matar/feed/ 03/12/2025 13:21:34 | IP: 162.243.187.204 | T: wpHakka | Req: /wp-admin/css/ 03/12/2025 13:47:45 | IP: 216.244.66.242 | T: Diarium | Req: /blog/individualidade-de-ver/feed/ 03/12/2025 14:18:13 | IP: 170.106.163.48 | T: Web-Dev | Req: /wp-json/oembed/1.0/embed 03/12/2025 14:28:25 | IP: 43.153.85.46 | T: Web-Dev | Req: /wp-json/oembed/1.0/embed 03/12/2025 14:34:22 | IP: 129.226.174.80 | T: Ensaios | Req: /wp-json/oembed/1.0/embed 03/12/2025 14:38:41 | IP: 43.153.48.240 | T: Web-Dev | Req: /xmlrpc.php 03/12/2025 16:38:17 | IP: 49.51.36.179 | T: Ensaios | Req: /xmlrpc.php 03/12/2025 16:48:03 | IP: 43.153.15.51 | T: Ensaios | Req: /wp-json/oembed/1.0/embed 03/12/2025 16:51:34 | IP: 216.244.66.242 | T: Diarium | Req: /blog/tem-vaga-pode-vir/feed/ 03/12/2025 19:14:57 | IP: 195.24.236.57 | T: wpHakka | Req: /wp-login.php 03/12/2025 20:26:06 | IP: 43.159.132.207 | T: Diarium | Req: /blog/wp-comments-post.php 03/12/2025 20:36:29 | IP: 43.167.232.38 | T: Diarium | Req: /blog/wp-admin/admin-ajax.php 03/12/2025 22:22:29 | IP: 216.244.66.242 | T: Diarium | Req: /blog/17cm-desde-07-08/feed/ 03/12/2025 22:52:14 | IP: 202.155.143.185 | T: wpHakka | Req: /wp-admin/style.php 03/12/2025 22:52:41 | IP: 202.155.143.185 | T: wpHakka | Req: /wp-admin/admin-ajax.php 03/12/2025 22:52:45 | IP: 202.155.143.185 | T: wpHakka | Req: /wp-admin/zwso.php 03/12/2025 22:52:59 | IP: 202.155.143.185 | T: wpHakka | Req: /wp-admin/css/index.php 03/12/2025 22:53:09 | IP: 202.155.143.185 | T: wpHakka | Req: /wp-admin/txets.php 03/12/2025 22:53:14 | IP: 202.155.143.185 | T: wpHakka | Req: /wp-admin/postnews.php 03/12/2025 23:45:10 | IP: 141.98.11.10 | T: wpHakka | Req: /wp-admin/ 04/12/2025 03:46:40 | IP: 129.226.174.80 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 04/12/2025 04:13:25 | IP: 195.178.110.201 | T: wpHakka | Req: /.git/config 04/12/2025 04:13:26 | IP: 195.178.110.201 | T: wpHakka | Req: /backend/.env 04/12/2025 04:13:27 | IP: 195.178.110.201 | T: wpHakka | Req: /admin/.env 04/12/2025 04:13:28 | IP: 195.178.110.201 | T: wpHakka | Req: /.env.bak 04/12/2025 04:13:29 | IP: 195.178.110.201 | T: wpHakka | Req: /.git/logs/HEAD 04/12/2025 04:13:30 | IP: 195.178.110.201 | T: wpHakka | Req: /.gitlab-ci.yml 04/12/2025 04:13:35 | IP: 195.178.110.201 | T: wpHakka | Req: /.npmrc 04/12/2025 04:32:36 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:39 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:40 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:41 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:42 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:42 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:43 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:44 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:45 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:45 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:46 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:47 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:48 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:48 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:49 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:50 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:51 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:51 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:52 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:53 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:54 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:54 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:55 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:56 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:57 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:57 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:58 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:32:59 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:00 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:00 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:01 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:02 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:03 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:03 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:04 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:05 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:06 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:06 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:07 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:08 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:09 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:10 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:10 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:11 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:12 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:13 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:13 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:14 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:15 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:16 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:16 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:17 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:18 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:19 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:19 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:20 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:21 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:22 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:22 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:23 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:24 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:25 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:25 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:26 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:27 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:28 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 04:33:29 | IP: 104.28.240.84 | T: Ensaios | Req: /xmlrpc.php 04/12/2025 05:16:11 | IP: 170.106.15.3 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 04/12/2025 05:26:11 | IP: 43.154.140.188 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 04/12/2025 05:56:51 | IP: 43.166.136.202 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 04/12/2025 10:53:36 | IP: 57.141.0.22 | T: Diarium | Req: /blog/sem-medo-da-chuva/feed/ 04/12/2025 11:15:07 | IP: 43.133.91.48 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 04/12/2025 12:35:56 | IP: 43.164.195.17 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 04/12/2025 13:16:45 | IP: 101.32.49.171 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 04/12/2025 13:25:57 | IP: 43.173.1.57 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 04/12/2025 13:32:49 | IP: 216.244.66.242 | T: Diarium | Req: /blog/recuperacao-impressionante/feed/ 04/12/2025 13:35:43 | IP: 43.130.32.245 | T: Diarium | Req: /blog/wp-json/oembed/1.0/embed 04/12/2025 13:40:47 | IP: 103.163.161.30 | T: wpHakka | Req: /wp-admin/style.php 04/12/2025 13:41:15 | IP: 103.163.161.30 | T: wpHakka | Req: /wp-admin/admin-ajax.php 04/12/2025 13:41:22 | IP: 103.163.161.30 | T: wpHakka | Req: /wp-admin/zwso.php 04/12/2025 13:41:39 | IP: 103.163.161.30 | T: wpHakka | Req: /wp-admin/css/index.php 04/12/2025 13:41:54 | IP: 103.163.161.30 | T: wpHakka | Req: /wp-admin/txets.php 04/12/2025 13:42:00 | IP: 103.163.161.30 | T: wpHakka | Req: /wp-admin/postnews.php 04/12/2025 14:03:41 | IP: 217.113.194.6 | T: Diarium | Req: /blog/family-business/feed/ 04/12/2025 14:03:57 | IP: 217.113.194.5 | T: Diarium | Req: /blog/morning-coming/feed/ 04/12/2025 14:04:13 | IP: 217.113.194.9 | T: Diarium | Req: /blog/a-melhor/feed/ 04/12/2025 14:04:30 | IP: 217.113.194.4 | T: Diarium | Req: /blog/good-night-sunday/feed/ 04/12/2025 14:04:46 | IP: 217.113.194.2 | T: Diarium | Req: /blog/as-galerias/feed/ 04/12/2025 14:05:02 | IP: 217.113.194.11 | T: Diarium | Req: /blog/convivencia/feed/ 04/12/2025 14:05:18 | IP: 217.113.194.11 | T: Diarium | Req: /blog/quem-diria/feed/ 04/12/2025 14:05:34 | IP: 217.113.194.4 | T: Diarium | Req: /blog/todo-que-existe/feed/ 04/12/2025 14:05:50 | IP: 217.113.194.2 | T: Diarium | Req: /blog/vista-noturna-2/feed/ 04/12/2025 14:06:06 | IP: 217.113.194.202 | T: Diarium | Req: /blog/apoio-da-cpfl/feed/ 04/12/2025 14:06:22 | IP: 217.113.194.203 | T: Diarium | Req: /blog/cade-meu-amor/feed/ 04/12/2025 14:06:38 | IP: 217.113.194.10 | T: Diarium | Req: /blog/visita-hoje-cedo/feed/ 04/12/2025 14:06:54 | IP: 217.113.194.242 | T: Diarium | Req: /blog/um-pelotao-da-star-link/feed/ 04/12/2025 14:07:11 | IP: 154.54.249.193 | T: Diarium | Req: /blog/nao-e-chuveiro-mas/feed/ 04/12/2025 14:17:17 | IP: 43.130.40.120 | T: wpHakka | Req: /wp-json/oembed/1.0/embed 04/12/2025 14:27:30 | IP: 49.51.204.74 | T: wpHakka | Req: /wp-json/oembed/1.0/embed

04/12/2025
why do we still like wordpress ?

maybe because it is as messy as our own lifes are and so we feel at home?

maybe it is because we start working, building around the problems and at one point there is no way back … some even may think they’re then part of it?

or the panic-merchants selling their plugin stuff and you paid so much already and don’t wanna lose it?

well, nobody knows for sure, we just wanted to get rid of the uploads limitation and wrote our own library, things came together, new ideas came up and then the underground system was born

we keep posting, you keep reading, when you’re ready give us a call and we start teaming up

for a better wordpress

02/12/2025
we just dropped plasma

that’s what happens when you want to embrace the whole world … kde plasma 6 is just horrible … jeeee

oxygen theme comes out scrambled, panel doesn’t stick to the height, colors are not correctly applied …

and this settings menu? oooh god, who designed that piece of crap? must be AI who did that, disordered items, totally not intuitive, options spread everywhere

final judgement: unusable – dead by incompetence …

logout, select cinnamon desktop and guess what? back to a peaceful live

RIP Kde, I was faithful until you killed yourself and thanks for ending my pain

hey Cinnamon, let’s go hakking 😄

29/11/2025
ready for takeoff to 2026

sadly we have to say, wordpress is still stuck in 1999 …

[27-Nov-2025 13:40:36 UTC] WTF of timestamp is that? it is 10:40 in Brazil!

how is that amount of ignorance even possible?

that happens until somebody gets rid of the shit, leaves his nice and cosy sofá from last century, smashes his beer can in the trash and does something — here is how:

[27-Nov-2025 10:40:49 America/Sao Paulo] not shorter, but the time is ok

but also you could get

[27-Nov-2025 10:55:19 Etc/GMT+3] well, nice, but still not really good

you can set the debug.log Timestamp to any string suitable to your location according to the original PHP documentations PHP Timezones, another example for Brazil is looking nize and functional

[27-Nov-2025 10:57:13 Brazil/East] This is our favorite timestamp for now

just add the following to your functions.php:

add_action(‘init’, function () {
date_default_timezone_set (‘Brazil/East’);
});

you can change the timezone string to any of the values int the PHP Docs at the link above, and that was the easy way, 5 miutes fix of a 100 year old problem

obviously we do not need a locations description in our logs, certainly we do know where we live, right? anybody does, just wp-devs not, don’t they have a home? and if, it is somewhere in the past …

we are preparing a small php method, which can be used for any php script, to be practical, fully configurable, like this as it would look for Brazil:

[27/11/25 10:59:09] so now we’re talking … right?

just wait for it, you don’t have to wait until 2026 … and just for not to forget, wake up wp devs!

Peace
H.Mich

27/11/2025
what is this Metro Framework ?

our Metro Framework is an autonomous subsystem what happens to run on wordpress CMS

it transforms the historic understanding of plugins into different module structure, and it is not some name-juggling, we took our plugins out of the pattern and treat them differently

all metro modules, and their individual files, are maintained by our own module repository and can be upgraded instantly form the Metro Control Center, in order to understand it easily, think about plugins from another repo, and each plugin can be updated partially, not only as entire module, each operation can be rolled back instantly troublefree

all modules work on metro’s framework with shared libraries, like php functions, js scripts, css sheets, db functions and templates, this restructuring is addressing several critical issues existing in wordpress core

the shared libraries practically substitute wp-core functions and methods, like $wpdb, we have our own db library and others as well

Important is understanding that the substitution is meant that HOW METRO USE ITS OWN LIBRARIES, but does not change or disable any wp core function, bottom line, wp and metro co-exist and do not conflict in any way and keep functioning as designed

Our Pro Commander is Metro’s “media library” without those restrictions WP Media Library has, we can create unlimited sub directories and have instant webp creation build in without depending on dubious third party add-ons or payed services, we do it directly, without extra costs and still do it better and faster

in a very near future the shared templates will not only have php templates for feeds, but also will be layout templates, that means no themes are needed anymore, the site admin creates the templates on the fly and they are instantly available for the gutenberg editor — we eliminate a whole ballon of floating problems and solve them in one hit with instant templates — want to change your site appearance? ok, hang on, and look at the new layout within a coupe of minutes without have to worry about theme-limitations, you just change the layout it instantly and lose nothing

just to mention it, you will miss nagging premium update alerts, you will miss all the other add-complication scenarios, Metro Framework gives you a being-at-home feeling, everything is intuitive, nothing needs to be studied, the controls are where they feel confortable, the options don’t use fancy names and certainly, without any exxageration, anybody who has a computer and knows to how use a keyboard can benefit from the Metro Framework

at the same time it changes the scenario for site makers, programmers and admins, a week for creating a wordpress site? those times are over, let it be the most complex layout, at the end of the day it is running and the owner can start posting from anywhere he actually is, troubleless, even from a smartphone

the Metro Security enhances any standard wordpress installation, we rise a double wall, we take care of outside attempts, as well from inside attempts, the Metro Framework is the countermeasure against plugin poisoning, backdoors attempts, file write access, hakka Orthrus and hakka Security Checks are both selfsustained modules which repair eventual damages immeadiatly and report any incident, that inlcudes the nasty native finctions.php-thing — you never have to worry about it anymore, you will forget it existence

HOW THAT? is what people ask, it is easy, we have build on a different standard from beginning, we do not build workarounds, we isolate the problem and solve it. it was always like that, we can not do anything about, that is difficult or let it be, this is good enough … those sayings do not exist here.

I hope this sheds some light on your doubts and you keep following us to see how it goes, and it is going fast now, we are still far from ready, but the actual state is fully fucntional and working, and for the know-it-better guys, you’re right, nothing is 100% secure and somebody could hack our system …

yeah, you might be right, then do it, but you get nothing — we have no clear passwords in Metro anymore, our Stealth Technique allows us to say, go ahead, steal our private data, steal our passwords, all encrypted and the time you need to discover our algorithm we go have a coffe on Mars and when we come back your still tearing your hair out … if you’re still alive

peace!
H.Mich

26/11/2025
certamente agradeço a todos

que me ignoraram, não ajudaram, não ofereceram serviço, especialemente aqueles que odeiam competência e vivem boicotando e inventando histórias cabulosas …

sem essa ajuda fundamental, que garantiu sossego total para desenvolver, nunca teria conseguido desenvolver o meu mais novo projeto Metro Framework para construir websites baseados em wordpress em tempo recorde e com segurança total que ninguém consegue invadir ou roubar conteúdo

uma obra mestre inédita, não existe semelhante, de

zfbsd/PROGS/Metro_Underground> wc -l ./*/*

134235 linhas total

escrito a mão própria , bug-free, error-free, instalar e esquecer …

Obrigado a todos que participaram na sabotagem!

:) peace!

13/11/2025
wp’s latest monkey feature

it cost me 21h of debugging my system to death … thank you, eggheads!

I am the fiercest enemy of “it just happens, I did not do anything” … the most stupid lie ever, but in a way I had to chew on it

suddenly, after pressing a button on a wp plugin admin page a 500 error popped up and shortly I was misguided by the nature of 500, which normally by definition is a server error …

monkey feature part one is, that the shameless wp-dev who dragged it in, camuflaged it as if it was a 500, but it was just a miserable trick hiding what it really was …

I will not tell the whole story, so the short version is, it was in the names

this it was:
<select name=”post_type” id=”post_type”>
silently, immediately on button press, wp threw the 500 out, while this:
<select name=”p_type” id=”p_type”>
went through normally as before …

IT IS JUST A NAME, what’s the brain vacuum level of whom who did that?

here the prove of it being not only vacuum, but also quite close to zero kelvin in that genius’s brain:

this works now:
$p_type = sanitize_text_field($_POST[‘p_type’] ?? ‘post’);
but this too:
$post_type = sanitize_text_field($_POST[‘p_type’] ?? ‘post’);

defintely nuts, but it’s still missing the key for “it suddenly happened”, where is it ?

here it is, last week I upgraded to wp 6.83 … somebody put a box of rats into that upgrade just in order to sabotage honest people’s work

now it is a full monkey feature sticked on my wp’s wall of shame

then I thought, maybe those wp guys are losing it and it was just a way to say: who’s the boss? we are …

and I thought, but not anymore …

12/11/2025
the truth about wp’s functions.php

you never wanted to trash wordpress for that stupid functions.php?

that can be true only if you never used it …

but when, it doesn’t take long to hate it, but hate it more than anything else, who invented that thing, or better, why they never fixed it?

theme makers are just like any other average user, they just let it be, let the charge come down on you …

this madeness that it can be overwritten, expunged or have errors causing a fatal error which crashes your site, while at the same time it silently ignores errors and people believe everything is fine …

now we finish that battle for good, we wrote a self-containing method whith instant recovery and which can handle wp upgrade or themes upgrades without the need of touching that dangy file anymore never again

“hakka security checks” is the new name

it is like outsourcing the whole private content, functions.php is just a theme owned file and you do not need to care about anymore

with a simple tap or mouse click you toggle standard actions or filters, you can add your own functions and then you enable/disable them by a click without having to care about wp or theme anymore

the hassle is over, we are giving you back the control over your wordpress site

in a couple of days specific information about SecCheck wil be posted, so keep an eye on this blog, you wouldn’t want to miss it

04/11/2025
the AI backscatter

after reading this you can say “I saw it coming” when it hits you, and it will, as hard as it gets …

the power of that backscatter depends on you, use AI in a moderate way and you will be spared from going down, depend on it and you will fall and hit the floor, build on it and you get eliminated for good

AI is nothing more than a scam to create dependency, increase your stupidity grade, acommodate you, then you get doomed to become a stupid copy-paste operator, your creativity will be erased

it is the ultimate autoritarism implementation, appearently without violence they take you over, the violence is deep hidden in the psychological trickery of AI’s MO

the simpliest prove is Elon Musk’s stupid try to change history with falsifying facts for his groggy-shit-pedia, if it wasn’t so sad, it would make me laugh, as stupid as the temptation is it hits for now only people more stupid then the try itself

but don’t be deluded that other’s don’t do it, just more sutil, another example is the invalidation of google responses, no clear date stamp on results, fully mixed old with new, just to confuse you more and more to make you opt-in to AI

and what appears to be intelligence is just a smartass response, when they don’t have a documented answer they make things up, just out of the blue, exactly like Bill Gates did when he scammed IBM trying to sell MsDos to them, which worked out well, MsDos didn’t exist yet … imagine that happens during your heart surgery …

just observe your mobil keyboard grammer and spell checker, aren’t they failing more and more? didn’t they skip correction or have no correct suggestion for a lot of words? and why? easy, they try to get you by your weakness, make you desist and use their AI keyboards so they can better spy on you

after all that, I just can say: YOU SHOULD HAVE NOTICED ALL THAT BY YOURSELF!

so, this is your last chance, wake up! react, reject AI and keep your integrity, stay to who you are and don’t listen to machine orders! it is always YOU who control the machine, unless you give up on yourself

so what now? just think and remember what I just told you, if not you will remember when it hits you and and it will: DAMNED, I SAW IT COMING

don’t let it come so far, be smart

and that the peace will be with you
H.Mich

02/11/2025