Due to the open nature of the WordPress platform, it is often a target for hackers. This article explains a common hack (attack) on WordPress websites and how to fix and prevent it :). I will be describing how to go about “Fixing WordPress Pharma Hack”.
I got contacted by my client, who complained that when she googles her website, advertisements for drugs with mentions of “Viagra” and “Cialis” show up. She has an e-commerce website for Modern Shoes. It does not make any sense.
I had a good idea that her site had been compromised. It is pretty challenging to figure out what happened and how. After extensive research on “Fixing WordPress Pharma Hack”, I came up with a solution.
Special thanks to the post by “Sucuri”. It really explains the hack and how to fix it in a very professional way. I highly recommend reading the post. I will explain how I found the issue and how I fixed it in my particular scenario.
As with most other things, I will be explaining “Fixing WordPress Pharma Hack” in FAQ style. I like that 🙂
What is a WordPress Pharma Hack?
It is a combination of malicious code, which usually resides in infected files on your hosting account, and bad data: the content that gets displayed on your site or is visible to Googlebot, including the links to buy drugs online, actually resides in the WordPress database.
Where do I find the malicious files?
The usual suspect is the “plugins” directory. Attackers running this particular hack like to hide their infected scripts as PHP files inside an active plugin's folder. Look for “odd” file names like. The “uploads” directory is also a common place for these. As Sucuri points out, some examples are:
wp-content/uploads/.*php (random PHP name file)
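The two locations named above, turned into a read-only check (an added example, not code from the original post or from Sucuri): it lists every PHP file under wp-content/uploads and every hidden PHP file under wp-content/plugins. Treating dot-prefixed names as “odd”, the marker list, and the sample tree are assumptions made for this example.

```python
import os
import re
import tempfile
from pathlib import Path

# Assumption: calls common in obfuscated PHP. A hit means "read this file", not "malware".
MARKERS = re.compile(rb"\b(eval|base64_decode|gzinflate|str_rot13)\s*\(")

def find_suspect_php(wp_root):
    """Return sorted (reason, relative_path, markers) tuples for PHP files to review."""
    root = Path(wp_root)
    findings = []
    for area in ("uploads", "plugins"):
        for dirpath, _dirs, files in os.walk(root / "wp-content" / area):
            for name in files:
                if not name.lower().endswith(".php"):
                    continue
                path = Path(dirpath) / name
                if area == "uploads":
                    reason = "php-in-uploads"        # uploads should hold media, not code
                elif name.startswith("."):
                    reason = "hidden-php-in-plugin"  # assumption: dot-prefixed counts as "odd"
                else:
                    continue                         # ordinary plugin file, review separately
                hits = sorted({m.decode() for m in MARKERS.findall(path.read_bytes())})
                findings.append((reason, path.relative_to(root).as_posix(), hits))
    return sorted(findings)

def build_sample_site(root):
    """Write a constructed sample tree; all file names and contents are made up."""
    sample = {
        "wp-content/uploads/2012/05/shoe.jpg": b"\xff\xd8\xff",
        "wp-content/uploads/2012/05/xk3f9.php": b'<?php eval(base64_decode("AAAA"));',
        "wp-content/plugins/shop-plugin/shop-plugin.php": b"<?php // plugin main file",
        "wp-content/plugins/shop-plugin/.cache.php": b"<?php // inert placeholder",
    }
    for rel, data in sample.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for reason, rel, hits in find_suspect_php(site):
            print(f"{reason:22} {rel}  markers={hits or 'none'}")
```

Point `find_suspect_php` at the directory that contains `wp-content`; it only reads files, so every result still needs to be opened and reviewed by hand before anything is deleted.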
Note: You should scan all your php files and look to know actually the code is