What Is WordPress Pharma Hack and How Can You Fix It?

No one likes being hacked, least of all being the victim of a WordPress pharma hack. There’s no warning for such hacks either, and your WordPress site is possibly defaced or filled with external redirects to other sites with malware. Pharma hacks usually appear in the form of links to sites that sell illegal medications, making your customers warier and less trusting once they see these links.

The text and images as a result of such a hacking attempt are not always easily visible to the site owner or other users. They are disguised very cleverly such that going to the website and having a quick scroll through will not show anything suspicious. However, checking your site on the Google (or other) search engines will show different text or headings for the site. If you see ads for any illegal medications on the site, then you can conclude that the site is compromised.

If not dealt with quickly, WP Pharma hacks can bruise your WordPress site, the content, and the SEO ranking that you worked hard for. Once your search engine gets a whiff of the malware hidden on your site, they will quickly blacklist it, and that becomes another headache to resolve.

How does the Pharma Hack work?

Pharma hacks mainly target vulnerable WordPress sites (the ones which lack recent updates, have misconfigured security, and flaws in coding, etc). Then, they use blackhat SEO spam techniques to advertise their content on illegal medication, usually Viagra, Cialis, and Levitra, etc. As a result, they are able to use other websites’ keyword rankings to drive traffic to their own.

The code for such hacks is usually hidden within the CSS files of the site and possibly from the frontend. Such attempts ensure that you are not able to view such additions on the HTML. However, search engines use crawlers to scan for malicious code, which, if found, will lower your search engine ranking and get your site blacklisted.

The difficulties arise from finding out the malicious code that makes the pharma hack active on your WordPress site. To know you’ve been hacked, looking up your site on a search engine like Google should suffice. Finding out the problematic code is a bit more difficult, since manually going through everything may not work if you’re not a professional.

Resolving the WordPress Pharma Hack

The longer the pharma hack stays, the worst the long-term damage becomes. Be it search engine ranking, getting blacklisted, or losing customer trust, all of these require double the efforts to get back to where you stood. So, here’s a couple of things you can do to resolve the pharma hack.

1. Scanning for malware

If you have a trusted malware scanner downloaded and ready for use, proceed with this by all means. Most malware scanners available only detect the problem for you and don’t resolve it, or suggest steps to be taken to make sure the problem doesn’t occur again. If you only have the former, we suggest getting one like Astra Security’s malware scanner that resolves it as well. Or, you can move in with manual cleanup, if you’re confident.

With scanning, you usually get ready options to find the infected files, remove or fix them, and you can replace them for extra security (from the main source). 

2. Taking Backups

The next step should always be to get a backup of your site. This will ensure that you don’t lose your original content when you try to clean up manually. If anything goes wrong, you can simply restore the previous version and start again. Business operations need not be interrupted for a long interval, and your preferences, themes, extensions, etc can also be saved. While you’re at, get a backup of your database as well. 

3. Manual fix-up

  • This starts with opening files and reading through most of the codes, line by line. The code may be encrypted, which needs to be dealt with accordingly. Once you find out the code that’s causing the problem, you can remove it.
  • Searching for malware by code doesn’t always work, especially if it’s encrypted. Also, some phrases are worded pretty similar to the codes that you actually need for the database to function.
  • Look out for recently modified files (the timestamps should be visible). Always check the core and theme files since these are the usual victims of such hacking attempts.
  • Using a diff checker works sometimes – compare your site’s file with the original file and check out the differences. These may pop out of the specifications required for your site, so always verify before rushing to delete it.
  • Renaming the plugin directory has reportedly worked in some cases.
  • Scan the database and remove any foreign entries.
  • Replace the core and theme files completely, by downloading from the official WordPress repository (‘wp-content’, ‘wp-config.php’, etc.)

These are a few of the many steps that can be taken to remove the pharma hack. In most cases, such generalized steps need not work. So hiring trained security professionals with varied expertise can help you out with a professional malware cleanup. Post cleanup, secure your WordPress website with an all-rounder WP security plugin.

Leave a Comment