How to Fix the WordPress Pharma Hack

Learn how to to find and fix the malicious WP Pharma hack that targets vulnerable WordPress sites with a SEO spam attack.

Did you Google your WordPress website and find a strange pharma title appended to it in the search results? Yes? Then your WordPress website has been compromised by the WordPress Pharma Hack!

WordPress CMS powers more than 43% of all websites on the Internet. Its popularity has attracted many hackers and SEO spammers looking to profit from legitimate and well-established websites with high traffic and search engine visibility.

Hackers use a variety of malicious methods to attack a WordPress site, causing financial and trust issues for your company and its growth. Such attacks may also result in a drop in the number of website visitors or search engines displaying warnings before accessing your WordPress website.

To understand what this hack is all about and how you can get rid of it, this article will help you with all your queries. So, let’s dig in!

What is the WordPress Pharma Hack?

The WordPress Pharma Hack sometimes referred to as the Google Viagra Hack, is a black hat?SEO spam?technique, where hackers use a genuine website to sell illegal and banned medicines or drugs to the public.

Whenever a WordPress site is infected with a pharma hack, it displays pharma ads and content for selling drugs like Viagra, Nexium, Cialis, etc. The text and images as a result of such a hacking attempt are not always easily visible to the site owner or other users. They are disguised very cleverly such that going to the website and having a quick scroll through will not show anything suspicious. However, checking your site on the Google (or other) search engines will show different (pharma) text or headings for the legit site.

How Does the Pharma Hack Work?

Pharma hacks mainly target vulnerable WordPress sites (the ones which lack recent updates, have misconfigured or neglected?WordPress security, and have flaws in coding, etc). Then, they use blackhat SEO techniques to advertise their content on illegal medication. As a result, they are able to use other websites’ keyword rankings to drive traffic to their own.

The code for such hacks is usually hidden within the CSS files of the site and possibly in the frontend. Such attempts ensure that you are not able to view such additions on the HTML. However, search engines use crawlers to scan for malicious code, which, if found, will lower your search engine ranking and get your site blacklisted.

The difficulties arise from finding out the malicious code that makes the pharma hack active on your WordPress site. To know you’ve been hacked, looking up your site on a search engine like Google should suffice. Finding out the problematic code is a bit more difficult, since manually going through everything may not work if you’re not a professional.

Why do hackers compromise WordPress sites?

If you're wondering why hackers target WordPress sites, there are a few possibilities, and any of them could be true:

• To sell or promote drugs or illegal medications
• To redirect a legit site to malicious links
• To use your website for hosting phishing pages

Your site has a high Domain Authority (DA) and a low Spam Score; the goal is to use this to fool Google's PageRank system into promoting the hacker's malicious site that sells illegal drugs. The higher the DA, the more likely the hacker's site will be in Google's good graces.

What Impact Does the Pharma Hack Have on Your WordPress Site?

A hacked WordPress site with the Pharma hack can give website owners nightmares. If your WordPress site is infected with this hack, you may experience the following consequences:

• Your website gets blacklisted by Google and displays?an alert message?in search results for all visitors.
• The PageRank of the site gets affected and if you don’t clean your site for a long period then the spam score for your website will be increased and the entire site will be treated as a spammy site by Google.
• In some cases, Google can also ban your website from displaying in search results – but don’t worry this happens in extreme cases.

All of these implications necessitate doubling your efforts to return to your original position. So, here are a few things you can do to deal with the pharma hack.

How to Fix the WordPress Pharma Hack?

The best part about this hack for hackers is that it is difficult to detect and thus can remain on your website for an extended period of time. You may not notice any symptoms of the WordPress pharma hack, but your site may be under the control of hackers.

You must scan the code, identify the vulnerabilities on your WordPress site, and then restore it. To do it yourself, follow these steps:

Step 1: Create a Backup for Your Website

It is always a good idea to create a full backup of your WordPress website before fixing any bugs or vulnerabilities. This allows you to easily undo changes if something goes wrong while cleaning the website. This backup must include all of your website's core files, plugin and theme files, and database.

Step 2: Scan the Website for Malware

Once you have backed up your data, the next step is to perform is to?scan your WordPress website. There are a plethora of tools available for scanning your website, like?VirusTotal?for flagging the infection or?Astra’s Malware Scanner?for virus scanning, and so on.

All the tools are efficient enough to scan for vulnerabilities on your website. This process will mark all the suspicious files and codes in a short span of time and help you to remove the malware rapidly with convenience.

Step 3: Remove the Infected Files

Navigate to the /wp-contents/ directory after connecting to your host server via FTP or file manager and look for hacked files or plugins. These files have words like .class, .cache, .old that look similar to plugin files.

The presence of dot (.) in front of the file name makes them hidden and are not visible till you select the ‘show hidden files’ option. Remove all such hidden files.

Step 4: Clear the Temp Directory

Hackers use the temp files and folder to avoid corruption during the malware implantation on your WordPress website. The /wp-contents/temp/ directory can generate temporary files for the WordPress pharma hack; it is advised to clear this folder in case you see suspicious entries.

Step 5: Check the .htaccess File Content

The .htaccess file is a configuration file for the server that defines how server requests are processed. Attackers can use these files to hack into your website. Search for the code given below or regenerate a new .htaccess file from the WordPress dashboard.

Step 6: Removal of Malicious Code from Your DB

Again, every time you work with your website’s database, it is mandatory to take a backup. Working with the database is a sensitive step, and a backup would help you to roll back the changes if something goes wrong.

For cleaning the database manually, follow these steps:

1. ?Go to your phpMyAdmin panel
2. ?Select the database
3. ?Click on the wp_options table
4. Search for the malicious entries that could be present in your database. Some of the common entries are:

• wp_check_hash
• Class_generic_ssupport
• widget_generic_support
• Ftp_credentials
• ??rss_%

Be cautious and do not delete any other important information from this table, as it could cause your site to crash.

WordPress Pharma Hack can totally destroy your WordPress website's name, fame, rankings, and revenue. It is difficult to detect, exacerbating the situation. However, you can prevent such attacks if you protect and secure your website by implementing the necessary security measures, such as protecting your site with a website firewall or regularly scanning your site with malware scanners.

If your site has been infected with a Pharma hack and you are unfamiliar with the technical procedures for cleaning it up, it is always a good idea to seek professional assistance.