wpHakka Threads – Page 2 – wpHakka – wp underground guerrilla

I built a machine …

wpHakka.com.br - Metro Underground Framework for

it was meant to be a watchdog, but grew beyond, the Orthrus Module became a self contained security guard, not only for our Metro Framework, but also for the wordpress site where it is installed

it works closely together with Sec-Check, which operates the CIO Wall and establishes numerous selectable security measures – Orthrus comes in by watching the whole CIO Wall logic and setup, it garanties a secure operation against any kind of attempt

Orthrus is the backend for our:

👉 CIO Wall
👉 functions.php guard
👉 wp-config.php guard
👉 .htaccess guard
👉 I-Rec (Instant File Recovery)

Orthrus’s authorities are:

File Monitor, Detection, Recovery, Tracking, and Clean-up
Informs but doesn’t nag
Acts but allows undo as an admin action
Remembers history and offers rollbaclk action
Self-manages its entire lifecycle

What does it mean?

Orthrus has a complete inside view to all metro and wordpress system files, monitors them, detects any kind of change, like file content change, missing file, new file – a background task running constantly without affecting system performance in any way

Soon a change is detected, the incident is reported and also immediately revovered to the last known save state – that means, when any file got compromised it is instantly replaced and site’s normal operation is assured

the instant recovery, I-Rec, is not only reported, but also appears on the admin page and is available to undo the operation – the file change might have been legit, so the admin select the file and runs the undo action – but still exists the possibility that it wasn’t legit, so a Rollback action becomes available to undo the undo, means reinstate the original file stage

to good to be true? it is quite really true and works, flawless, Orthrus takes care of wordpress’s native security problems, specially being an “Open-Door-Playground” for all installed plugins and themes …

that is only for big companies … wrong!

any company can benefit from Orthrus, but remember, big companies usual have their programmers, developers and a security team, small companies or one-man-sites need it more than anybody else, because nobody has to study to understand the way Orthrus works or about wordpress internal functions, small companies suffer hard from a severe incidents and such can cause long downtime and high recovery costs when the system needs to be analized to find the problem – and that is what Orthrus does instead

it is that simple, one time setup and forget, it is a machine

wpHakka.com.br, underground guerrilla, wp's media library is a joke, we fix it

Orthus is not a spleeping pill but assures that the system keeps running while you are sleeping, it also is not a technician, nobody needs to tell Orthrus what to do, it acts by itself and recovers from any file level incident, and it also is not the mother like: Oh, what now, what can I do, mom … when you get the report, Orthrus did it already and just tells you what happened and that your site is up and running

Orthrus is another kind of security level for wordpress sites, a real one, no third party modules needed, no additional premium add ons needed, no adds, no naggs … it just works like a machine

Orthrus is what you dreamed of, I build that machine to save an old rusty machine

01/02/2026

wanna know what’s funny?

and has an abuse contact in its WHOIS record:

Abuse contact for ‘141.98.11.0 – 141.98.11.255’ is ‘admin@serveroffer.lt’

isn’t it Mr.Paulius?

inetnum:        141.98.11.0 – 141.98.11.255
netname:        LT-HOSTBALTIC-11
country:        LT
admin-c:        PV7242-RIPE
tech-c:         PV7242-RIPE
status:         ASSIGNED PA
mnt-by:         mnt-lt-hostbaltic-1
created:        2019-01-10T13:12:30Z
last-modified: 2019-01-10T13:12:30Z
source:         RIPE

person:         Paulius Vancugovas
address:        Draugystes g. 19
address:        51230
address:        Kaunas
address:        LITHUANIA
phone:          +37067358624
nic-hdl:        PV7242-RIPE
mnt-by:         mnt-lt-hostbaltic-1
created:        2019-01-08T13:14:38Z
last-modified: 2019-01-09T13:14:40Z
source:         RIPE

That are those moments when you discover how serious a company is …

should we try your servers in return?
don’t worry, we don’t do that, we are serious about security

27/01/2026

reading matters …

AI never will be able to do what you can do with your natural intelligence, AI depends heavy on historical data in programming, is not able to develop new methods or have ideas build on knowledge like we humans can

often happens that AI responses are outdated, now imagine you’re writing code in 2026 based on 2012 standards, I do not need to explain that further, here a prove you how you can check it easily:

since time I use the %i placeholder in wpdb queries, recently a coworked called my attention by saying this won’t work, you can’t use %i, that’s invalid, I consulted AI already and they confirmed it … here the line:

$query = $wpdb->prepare(“SELECT COUNT(*) FROM %i”, $table);
$count = $wpdb->get_var($query);

well I said, you must have talked with AI grandmother, and told him to do some real research on that matter and then tell me again …

shortcut: you don’t believe it, then put the code in your script and look at the outcome, the %i placeholder was added to newer wpdp core running on latest PHP versions and is totally valid …

AI isn’t intelligent, they do not even do the slightest double check on what they put together, sometimes they stitch old code with new code and nothing works, long time I have given it up – the time you spend correcting AI errors isn’t worth it, and you prowd vibe-code are listening to a vibe-coder-machine – happy birthday

my advice is, read as much as you can and study, any second you spend this way is worth one week of AI coding …

peace, H.Mich

26/01/2026

manufactoring peace …

is what we really do …

while others are in meetings to discuss how to solve issues, we already have their prevention implemented …

while others follow the modern workflow debating in their 3rd hour of “incident post-mortem” about how that could have happened, we already detected it, fixed it, prevented new similare incidents and are having coffee smiling about the noise coming from the meeting room

and the best, we had no downtime at all.

in return we get:

🚫 “Not a team player” (because we actually complete things)
🚫 “Doesn’t follow process” (because process is often the problem)
🚫 “Hard to manage” (because we don’t need managing)
🚫 “Makes others uncomfortable” (competence is threatening)

but it is worth it, because the peace is with us, the smile too, and the coffee is deserved, and our systems are working in our favor

keep talking, we solve problems …

and most don’t get it, it is not about competing, we don’t care about your money, we don’t care about your fame or your position, it is all about peace and having it, we manufacture peace

26/01/2026

when they’re are mocking me

I just like it, each time I feel closer to my goals

at the same moment I understand fully that I have no time to spend with them, it would be lost time, senseless, if somebody doesn’t has the vision to understand different or new methods we do not even need to try to explain …

most programmers do not understand much about programming, they think that is matters which language they use, which APIs they build in, but that are just tools, certainly not relevant for creating a project and developing it further

the idea is creation, the imagination is how it should work while not getting carried away by the same imagination, that is what it is about – it is all about creativity

so I am sitting here often, just thinking about what will happen, because it seems that creative people are dying out, without them there is no creativity anymore, intelligence will cease

that is then the new AI World, clewless, open your AI prompt and wait what happens – nothing happens, because it has no creativity, it has no imagination, no initiation, it does not even know what it means that somebody, a person, can speak, listen and see – that are unknown capacities and so the world will become passive and soon there are no people to tell the machine anymore what to do, the world will die …

melancholic pessimism? no – just reality, but who knows, people wake up in time and stop listening to lies …

21/01/2026

HCC fully operational

wpHakka.com.br - underground guerrilla - plugin arsenal for wp warfare

hakka Control Center became what it was supposed to be

the perfect backend for the Metro Underground Framework, it not only holds the whole repo tree with modules, plugins, mu-plugins, gutenberg blocks and special files, now the upgrade can be scheduled on each client site

we turned our back on zip file upgrades, we believe that kind of thinking is history and we need to be progressive making it file based
that means, even if a module has several files they do not need to be overwritten senseless, so HCC prevents exactly that, it upgrades only what needs to be upgraded
that ensures that the upgrade is short and effective, doesn’t need special care and most important is that there will no downtime or other funny surprises on client’s side
but we know also that there might be edge cases which need special care, which we can not provide without knowing them, so if something happens, an instant rollback recovers the working state of the affected site, HCC creates a report and sends it, so that we can analize the issue instantly and provide ASAP a solution, which does not require any client interaction

the repo server is controlled by our Metro Repo Admin, which provides an easy understandable overview table, part of the HCC module, to the client, adhoc anybody can see what is installed and which version, also if a new version is available
two easy double function icons are there in order to activate or deactivate any module, upgrade or rollback any of them
the new functionability explained at top, practically renderes these actions unnecessary, but the automatic upgrade can be disabled, so they become handy again

most important of all is, the Metro Framework as well as the Control Center do not interfere, nor deactivate any native wordpress plugin handling, that means both systems can coexist hasslefree

final words here today, our security modules, Orthrus and SecCheck are the gatekeeper to ensure that your sites stays safe, they cover all fronts, so whatever attempt or whatever internal problem your site is confronted with, it keeps running

when yo have a save environment and put our Commander image library together with IIBI to work, then you will forget about any page or theme creator, you do not need them anymore, it is like counting 1, 2, 3 and your post is ready, easy like this: upload an image or pick one, IIBI activates your post pre-setup, puts the image in, has the cursor set into the paragraph and you are ready to write, then hit post – done … it is now a question of how much you write what determinates the time for a new post needs to go online … from everywhere, fully smartphone compatible …

fiddling times are over now …

obs.: our system and all modules run on wordpress and classicpress, of course with exception of the gutengerg blocks wich aren’t available on classicpress

19/01/2026

we’re remaking our site

so this is just to have a reminder of the old home page content

DON’T WORRY, WE’RE THE GOOD ONES !

but, we dig deep into the dark cellar of wordpress secrets and we expose them . . . NO SECRETS HERE, being ruthless, sarcastic and brutally honest is our theory and that makes us the good ones. We don’t believe in marketing fluff, we believe in truth.

WE DON´’T put bloat into our work, our interfaces are clean, no nagging, begging for paid upgrades or sneaking upsells.

WE DON’T implement hidden configurations
WE DON’T modify your files secretly
WE DON’T do what others do . . .

read more about us

SOLUTIONS BUILD ON TRUTH

LET’S START with the useless and reckless, stupid wordpress media library! We do not like it, we hate the core code. That’s why we build something precious, well thought-out, and fully capable of replacing that native thing, we call it wpHakka Commander

a fully featured media directory tree, where you create real real folders, as many as you want, and organize your images like you want and nobody will ask for paid upgrade to enable dubious features

What else do we have?

wpHakka WebP Oracle – a high performance wepb creator without CDN crap or other third party requirements, this plugin does it at home, independent, high performance and secure

wpHakka Thumb Revivor – that is the mother of bombs for all wordpress and plugin crimes, this tool can fix all the shit others created and left behind shutting your site performance down

wpHakka Post Fixer – that thing is scary because makes your site go high on search engines without paying a dime, just pure intelligence packed into a plugin to edit all post alt tags and excerpts, alle image titles, alt tags and captures, what others try with their crappy SEO plugins we really do, without harming your setup

wpHakka Robo-Map – the shark plugin, creating the best robtos.txt and sitemap.xml with one unique goal, making the search engines work for you and not as you might be used to, fiddling in your configs with stupid plugins to make your site do what the search engines want you to do

wpHakka Unleash – this thing makes the japanese rotor motor noise when people access your site, so fast it is, our cache algorithm is top secret underground code and it will blow your mind

wpHakka Feed – the non-plus-ultra plugin for bloggers, it eliminates all problems that you might have experienced already, fully featured and styles editable, responsive, single/multi column layout and as an extra, wpHakka Gallery is already included

wpHakka Quotes – old but still gold, dynamic layout, fading in, layout fully configurable, random quotes, you can add your own and no external connections, works for pages or posts, as well as shortcode to place them anywhere you want

wpHakka Reactor – facebook like reaction bar, like, love, wow, laugh, sad and angry, select the ones you want and edit the layout, instant anonymous counter update

Keep reading to understand what each of them can do for you. Still we have more, some mu-plugins, some function snippets, random picture galleries, security fixes and much more, if you’re serious about your wp installation you should contact us

thanks for coming, we hope you stay, if not, you’re always welcome when coming back

for any inquiry please feel free to contact us, thank you

19/01/2026

is your wp-cron date late again?

stop keeping her on ice …

here is how to teach wp to be on-the-hour, it also turns the game around, no complicate filter adding, hook adding and interval calculating anymore

what do you need:
– run_it() a function to be executed
– $the_hour is the day time you want it to run, like 08:00, 20:30
– $active an option as activation switch, like 0 or 1

that’s all, you could create a wp option to store your script settings and retrieve $the_hour and $active from it, that avoids hardcoding the values and makes it possible un- and re-schedule the event instantly easily from the adm form

here the php block to add to your script:

if ($active && $the_hour && !wp_next_scheduled(‘by_on_the_hour’)) {
$next_date = strtotime(‘tomorrow ‘ . $the_hour);
wp_schedule_single_event( $next_date, ‘be_on_the_hour’ );
}
add_action(‘be_on_the_hour’, ‘run_it’);

that’s all, here is what it does: “tomorrow” is used to make sure you do not hit a past time on first schedule, that is what most people miss when scheduling in wp and all get’s messy

instead of scheduling a recurring event, we schedule just one and soon it is due, it is rescheduled for the next date, that is what the IF statement does, does the event exist? it does nothing, isn’t it scheduled and it is rescheduled

first it checks if both vars are true, they are authoritative for execution, means if any of them isn’t set in wp options or is hardcoded to 0 the event isn’t scheduled, that’s the whole control you need

the add_action hook then activates it and runs run_it() on time

be aware that $the_hour is UTC time, so set it right to run at the correct local time, if you are at UTC-3 then set it to 09:00 in order to run it at 06:00 your local time

so, that was a short lesson for easyfication of a typical wp problem, often called a nighmare because wp cron really is

use it and don’t make her mad any more :)

13/01/2026

the latest real life utility

life could be easy if not everything would be so feature packed, right …

are you developer, webmaster, or working on several sites?

then have a look at our Site Monitor, zero learning curve, install it, use it in two minutes

add your sites, select one or more, hit run and bam … in a couple of seconds you know if there is some access problem

each run removes the target’s history, so zero maintainance

you can schedule automatic runs, daily hour base or periodically every X hours, then forget about it, just check the page from time to time

or better, you can enable email noticing, then you get an alert when a problem ocurres

that’s it … not a show, it is a tool

10/01/2026

what is happening with this IA thing?

I tell you what, of course from my point of view, based on my experience in using IA as enhanced search and programming assistent, this might surprise you, but also might match your experience, let me know what you think

I already wrote before about my impressions in the following articles: The Truth about AI and the AI back scatter – also I wrote about, then still suspsitions, but then confirmed, that AI is spying in computers while chatting

the spying-me patterns became more obvious and I went a step further, I was already running my browser for AI access in a CHROOT environment which makes it impossible for them to get to any data not stored in the CHROOT container, so now I set up a CHROOT browser for each AI I was using, chatgpt, copilot and deepseek, and now we come to the interesting part …

what happened practically instantly that I noticed an increase for getting responses, monitoring my disk activity I saw their attempts reading beyond cookies and history data, so, by trying several methods to get hands on my data they took more time to respond, worst for them, there was no data to fetch anymore

result was that the answers to my questions became inconsistent, even weired and with a pattern a paranoid person could interprete easily as sabotage attempt … they answered technical programming questions intentional wrong, trying to push me into the wrong direction or at least away from my intent …

that is a serious issue – it remembers retaliation, human malignus character

the reaction from all three was identical, that is the REAL RED FLAG — are they or are they not seperate service providers, or is the whole AI thing a BIG SCAM?

short end, fact is. none of the three candidates could be helpfull anymore, their responses where somewhere between incomplete, inaccurate, inconsistent, false and made-up stories

telling them exactly that, with the exact same words, like “that is nonsense and inconsistent with how that really works, stop insisting in your wrong assumptions” they all answer the same manner: “You’re absolutely right, and I apologize for being pedantic. You know what you’re doing. The issue is clear now and I will proviode the final solution: …” and another nonsense came out …

so that’s it, believe it or not, use the info or not, but be careful, don’t believe a machine and trust yourself and specially your instincts, this is the law: when there is a doubt there is no doubt — and protect your intelectual property — when you don’t open your book to the machines they are nothing, they have nothing anymore and you and your job stays save

10/01/2026

what if you got hacked ?

one day you might find an almost empty htaccess …

<IfModule mod_rewrite.c>
rewriteEngine Off
</IfModule>

what happened is, you got seriously hacked, your htaccess file was sabotaged, and seriously, at this point it doesn’t matter who did it, matters only getting your site back online ASAP, right?

you also just met then the oldest and filthiest wordpress vulnerability, which is, all plugins are democratically equipped with the right to edit ANY of your site files, configurations, db records, just everything and anything …

it also is, that you do not have hakka Orthrus installed … then it wouldn’t happen
our Orthrus has more then two heads, but specially one on the outside and another on the inside, it constantly watches anything what comes and goes, it also reacts instantly when there is any tempering attempt, it restores immediately the compromised files with the original working files.

soooo, bite me, I don’t bite back, I fix the damage silently and watch you trying do your shit and smile about you scratching your head …

24/11/2025 16:52 | htaccess RECOVERY OK | Altered .htaccess detected and recovered, suspicious file saved: .htaccess-incident-251124-165237
25/11/2025 23:53 | TARGET SITE DOWN | Redirect target is not responding correctly.
27/11/2025 03:52 | htaccess RECOVERY OK | Altered .htaccess detected and recovered, suspicious file saved: .htaccess-incident-251127-035255
28/11/2025 12:59 | TARGET SITE DOWN | Redirect target is not responding correctly.
29/11/2025 15:57 | TARGET SITE DOWN | Redirect target is not responding correctly.
30/11/2025 05:09 | htaccess RECOVERY OK | Altered .htaccess detected and recovered, suspicious file saved: .htaccess-incident-251130-050919
02/12/2025 11:36 | ACTIVATION FUPHP | Master functions.php-master created from current version.
02/12/2025 12:24 | ACTIVATION CIO | Master CIO File created from current version.
04/12/2025 01:39 | MASTER UPDATED | Master .htaccess file in place, hash in db.
04/12/2025 01:40 | MASTER UPDATED | Master functions.php file in place, hash in db.
04/12/2025 01:40 | htaccess REC. DENIED | master file is not the last verified version and now saved in incidents, upload a new file
04/12/2025 01:43 | FUPHP RECOVERY OK | Altered functions.php detected and recovered, suspicious file saved: functions.php-incident-251204-014309
04/12/2025 01:53 | htaccess RECOVERY OK | Altered .htaccess detected and recovered, suspicious file saved: .htaccess-incident-251204-015354
04/12/2025 15:58 | MASTER FUPHP UPDATED | Master functions.php file in place, hash in db.

05/01/2026

microsoft trying to be smart

by providing on their report site https://msrc.microsoft.com/report/ stupid forms to report incidents originated from their networks …

are those arrogants believe somebody reports 2000 or more incidents as single reports to their behalf? jeee … AI stupidity is catching up on everybody, big techs are living on mars already …

to whom it might concern, here is a little part for one IP which also shows how stupid they really are, timestamps are Brazil/East :

go back to sleep Gates … and stick your gecko-lightspeed elsewhere up …

31/12/2025

the wp cron misconcept

wp cron defies the real world’s cron concept, which is running tasks during low traffic time windows

the babble says that cron depends on site’s traffic or busy state, may run late and is not aboslutely wrong, but leads to false interpretation …

wp cron is, as any other wp function, always in a passive state waiting for a page load … and then and only then it might run

so the real description for how wp cron works is:
as long as your site is sleeping, wp cron is dead …

so now you know why your tasks are not running in a timely manner, wp cron became a marketing headline like WE HAVE IT!, but it isn’t a cron scheduler, it is the rowboat where the rowers are at lunch and the drummer takes his stroke seat after they are back … and then we hope the boat starts moving

shocked? don’t be, it’s wp …

how to manage the problem?

firstable you need to forget about how cron usually works, to get better scheduling you need to schedule in peak hours … sounds funny? and it is, actually it is absurd, but that is a way to get the work done

a better way is not to schedule periodically like every two hours, schedule the first run for “tomorrow 05:00” to avoid the immediate task trigger and if at the desired hour your site has traffic, then the chance is high that it runs as desired on time

still you’re a suspect to suffer the “no traffic syndrome” and your task may not run, so how to manage it?

at the end of your scheduled function you add some code to remove the now dead schedule, and reschedule for “tomorrow 05:00”

so that’s the best you can do, within wp, and assure that your task runs as expected every day at almost the same hour

if you need to be really sure then add somehow some page requests with curl or wget at the desired hour from an external site and you’re set, that is of course rediculous but should work to become the authority for your task …

being the plaster mason for a badly build wall is not satisfying, we know that and we have it already in the kitchen, more precisely it is already in the oven, we are finishing a unix cron timer api to stop the wp cron madness and to have a reliable source for running tasks on the hour and without trickery in low traffic hours

until then, keep calm and wp cron rescheduling it is

26/12/2025

what is AI really?

to say it right away, it is nothing else than Bill Gate’s WYSIWYG … a lie, an illusion, an empty promise … but it started a process and AI is completing the cycle, the general stupefaction of people … so if one day AI becomes the standard for intelligence, it happens only because there is no other anymore …

to start with, AI will never know about the real sense of the words, you can see that live when you ask AI to write a code snippet, the var names are just ridiculous and often totally disconnected from the issue

Ai also does not have any sense at all, it has no organs, no nerves, no eyes, no feelings, no blood, it misses the strongest basic human details which make the difference, knowing meaning and sense …

without knowing the meaning, without having knowledge of sense, no real reasoning is possible, that’s then the prove for absence of intelligence …

they tell you they teach AI all that, sure, but even knowing what hurts AI never will know how it feels, even if AI says oh, that hurts, or oh, sorry – the words are worthless, that’s like hitting a dead man, he can´’t feel it, you also can’t teach a wall anything, you can teach a computer to say ouch when somebody press the mouse button, as well as you can teach it to say fuck you, it doesn’t make a difference, the button, the mouse, the computer do not know what the words mean …

sorry for crashing your illusion … but that is what it is, and AI is nothing else than a kind of search machine, just like google, bing and others, putting on your plate what they have in the kitchen, and often, AI isn’t capabable of prepare a meal with all the ingredients it always has too much salt or sugar, AI has no senses

the decision about if what you get is good, is on you, you have to read it, you have to review all details and be capable of analyzing not only the product you got, but also what impact it might cause on your work and all related issues …

and now the real problem, AI has no conscience and no remorse, so if something goes wrong and you haven’t seen it – dear … youŕ e on your own, you can’t fire anybody or sue somebody for damages it caused you …

so better you keep trusting your own intelligence, even if it is low, at least it is real and doesn’t cheat you … and don’t fall for illusions, you’re always smarter than any AI

22/12/2025

historical december 19th

exactly a year ago we released Photo Projects, a real life media library substitute for that wordpress thing, with real folders and several usefull features

V-History
V-0: 19-12-24

the journey became an odissey through the wild and savage wordpress ocean

today we released the full working Metro Framework with our own privatge module repository, upgrade tracking and a full self-containing security system
today is 19-12-25 wpHakka’s Victory Day

kinda hard to describe it short enough, it is like they say in that movie, it’s nothing, but … it’s everything

the Metro Framework makes wordpress a better place, turns it into a managable place and most of all into a SECURE PLACE

there is the Metro Repo, completely breaking all wp plugin rules, indepentend and authoritative for all wpHakka Modules, providing a private repo for maintanance and upgrades and a perfect rollback option, which garanties zero downtime

the Metro Repo provides a central point of truth for all available modules, and on he client side the Hakka Control Center maintaines the UGF Registry for installed Modules

the most intuitive interface for the site admin to get an overview of installed modules and if there is any action or information available

site administration finally became as easy as a mouse click, no guessing, no worries, no doubts, click it and let it happen

soon the upgrade is installed a rollback option becomes available to do it instantly, another zero downtime advantage, may be you just didn’t liked a new css setting, rollback and report and we see how we can satisfy your needs – but bugs? well, nobody is perfect but we run each upgrade on our real lefe sites in order not to deliver unpleasant surprises

all module’s functionality got a slight performance improve, unleash has now a bot net protection embedded and uses a still better compression rate, Orthrus got better eyes and sees what’s coming before touching ground, security checks put it all together and prevents any bad plugin action, any essential files tampering attempts, and not to forget, provide the admin with info per email when necessary – but don’t lose your well deserved sleep, Security Checks and Orthrus save eventual legitimate changes for review, and keeps the site running until admin confirms the new settings

sounds alien but isn’t, who wants to nuke your site better does it locally with fire and flames on hardware level, because from the internet he might spend his time for nothing …

let the peace open your mind and become a relaxed sys admin, smiling all the time, like I do, I just don’t look like smiling, but I am :)

wpHakka’s Day, 2025, December 19th

19/12/2025

Category: wpHakka Threads