How to resolve the WordPress Pharma hack?

You are here because you see strange links and ads for Viagra and Cialis on your WordPress website. Did we get it right? If yes, then, unfortunately, your website has been infected with SEO spam. This is a prevalent form of the WordPress Pharma hack. Many WordPress websites have fallen victim to this Viagra and Cialis hack.

The WordPress pharma hack is notorious, and removing it is not always straightforward. Most times, the infection keeps replicating itself, so the hack will persist on your WordPress website unless it is properly cleaned. This guide will help you understand the hack and how to get rid of it properly.

What is the WordPress Pharma hack?

Since drugs like Viagra and Cialis are banned from advertising online, attackers use websites with good SEO ranking to promote them. If your website is vulnerable, they bypass its security to insert backlinks to shady websites selling these drugs. So, when visitors search for your website, they are met with this spam content and these links. The links are sometimes added manually to multiple pages and locations on your website. However, in most cases, the attackers add malicious code that keeps regenerating the links even after you remove them manually, so that they benefit from your website’s SEO juice for longer.

What is the impact of the WordPress Pharma hack?

If your WordPress website is infected with SEO spam, then things can get pretty bad very quickly. Below are some of the impacts of this hack:

  • A substantial drop in SEO ranking by search engines
  • Increasing bounce rates due to redirection of visitors to different sites
  • The dreaded red screen of blacklisting warning by search engines
  • Blacklisting of your website by hosting services and email providers
  • A high cost of professional cleanup
  • A massive blow to your brand image and prestige

How to identify the WordPress pharma hack?

  • Using a scanner: This is the fastest and the most accurate way to identify if your website is infected by SEO spam. Scanners like Astra Security’s Free Spam detector can automatically scan the entire website and show if your WP website has been hacked with a Pharma hack or SEO spam. It also tells you if your website has been blacklisted.
  • Using a User-agent switcher tool: In some sophisticated versions of the WP pharma hack, the infected pages are hidden on search engines. Identifying such web pages is not exactly easy. But there is a way to do it: by using a user-agent switcher tool. User-agent switcher tools work on the principle that even if the hacked pages are not visible to search engines, they are accessible to user agents. There’s one for Chrome and one for Firefox. Go to the webpage and analyze the page source to identify the hack.
  • Using webmaster tools: You can use the Google webmaster tool to fetch and render the code to check for anything suspicious. Sometimes you also receive an email from Google about these malicious URLs.
  • Searching in Google: The most straightforward way to check for the WordPress pharma hack is to use the “site:” keyword along with your website name. This will show pages only for this particular website, and if you find any strange links or references, you will know it’s infected with SEO spam.
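
The user-agent check above can also be scripted. This is an added example, not code from the original article: it fetches one of your own pages as a browser and as a crawler and reports spam terms and links that show up in only one view. The function names, the term list and the spam.example sample are assumptions made for illustration.

```python
import re
import urllib.request

# Terms taken from the drugs this page names; extend the tuple for your case.
SPAM_TERMS = ("viagra", "cialis")
BROWSER_UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
              "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def fetch_as(url, user_agent, timeout=15):
    """Fetch a page of your own site while presenting the given User-Agent."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def page_signals(html):
    """Return (spam terms found in the page, every link target in the page)."""
    lowered = html.lower()
    terms = {term for term in SPAM_TERMS if term in lowered}
    return terms, set(HREF_RE.findall(html))


def compare_views(browser_html, crawler_html):
    """Report what the crawler view contains that the browser view does not."""
    b_terms, b_links = page_signals(browser_html)
    c_terms, c_links = page_signals(crawler_html)
    return {
        "terms_only_for_crawler": sorted(c_terms - b_terms),
        "links_only_for_crawler": sorted(c_links - b_links),
        "terms_in_both": sorted(c_terms & b_terms),
    }


def check_url(url):
    """Fetch url with both User-Agents and compare the two responses."""
    return compare_views(fetch_as(url, BROWSER_UA), fetch_as(url, CRAWLER_UA))


# Constructed sample pages standing in for the two responses (not real data).
CLEAN_HTML = '<html><body><h1>My blog</h1><a href="/about">About</a></body></html>'
CLOAKED_HTML = CLEAN_HTML.replace(
    "</body>", '<a href="http://spam.example/cheap-cialis">buy cialis</a></body>')

if __name__ == "__main__":
    print(compare_views(CLEAN_HTML, CLOAKED_HTML))
```

A non-empty "only_for_crawler" list means the page serves different content depending on the User-Agent. An empty result does not prove the site is clean, since content can also be varied on signals other than the User-Agent header.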

Steps to fix the WordPress SEO hack

This hack can be tricky to remove, but the steps below will help you do that.

1. Take backups

Keep a complete backup of your website in a secure location. While you analyze or edit the code and files of your website, you can use this backup to restore the website if something breaks. The backup must include the core files, plugins, database, and themes. Once you have it, you can go about the cleanup process without any worries.

2. Scan your website

Use a professional malware scanner to find malware on your website. This will save you a lot of time and expedite the cleanup process by pointing out the infections’ location.

3. Removing infected files

Using either FTP or a file manager, connect to your hosting server and browse through the files in the wp-content folder. If you find any files with extensions such as “.old”, “.class”, or “.cache”, remove them, since they were meant to be hidden and are probably the infected files.

4. Cleaning .htaccess file

This file serves as the configuration file for the server. Because it decides how the server processes requests, attackers can use this file to install backdoors. Through these backdoors, the malware can replicate even after you delete it from your website. A sample of the infection code is shown below:

[Image: Sample infectious code]

If the “.htaccess” file is beyond salvage, you can regenerate a clean file by following these steps:

  • In your WordPress dashboard, go to Settings and click on Permalink
  • Save the generated file

5. Remove malicious code

After making sure that you have a complete backup of your website, go through this comprehensive guide on WordPress hack removal for a step-by-step diagnosis of your website files.

Here are some steps you can follow to clean your database:

  • On the phpMyAdmin page, select your database
  • Click on the table titled wp_options
  • Use the Search tab and look for malicious entries

Some examples of malicious entries are:

  • Class_generic_support
  • ftp_credentials
  • wp_check_hash
  • widget_generic_support
  • fwp

The WordPress pharma hack works by injecting harmful code throughout the website. Once you find these injections, you can remove them. A sample of such code looks like this:

[Image: Sample code harmful to the website]

Such code will keep redirecting you to the attacker’s websites. So if you find any unknown website or domain references, remove them from your website.

Another trick used by attackers is to hide their links in base64 format to avoid easy detection. The code below addresses this by scanning your PHP files and finding any base64 encodings. You can then use online tools to decode them and reveal the actual links.


[Image: Finding Base 64 encoding]
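
As an added example (not the original article's code), the Python sketch below walks a directory of PHP files, flags every file that calls base64_decode() or embeds a quoted base64 string, and decodes those strings locally so the hidden links can be read without an online tool. The function names, the 24-character threshold and the spam.example sample are assumptions made for illustration.

```python
import base64
import binascii
import re
import tempfile
from pathlib import Path

CALL_RE = re.compile(rb"base64_decode\s*\(", re.IGNORECASE)
# Quoted runs of 24+ base64 characters; the length threshold is an assumption.
BLOB_RE = re.compile(rb"""["']([A-Za-z0-9+/]{24,}={0,2})["']""")
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""")


def decode_blob(blob):
    """Return the decoded text, or None if blob is not base64-encoded text."""
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):  # bad padding/alphabet or not UTF-8
        return None
    readable = all(ch.isprintable() or ch.isspace() for ch in text)
    return text if text and readable else None


def scan_php_tree(root):
    """List PHP files that call base64_decode() or embed decodable blobs."""
    findings = []
    for path in sorted(Path(root).rglob("*.php")):
        data = path.read_bytes()
        calls = len(CALL_RE.findall(data))
        decoded = [t for t in map(decode_blob, BLOB_RE.findall(data)) if t]
        if calls or decoded:
            urls = sorted({u for t in decoded for u in URL_RE.findall(t)})
            findings.append({"file": str(path.relative_to(root)), "calls": calls,
                             "decoded": decoded, "urls": urls})
    return findings


def demo():
    """Scan a constructed tree: one clean file, one with an encoded spam link."""
    link = b'<a href="http://spam.example/cheap-pills">pills</a>'
    payload = base64.b64encode(link).decode()
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "index.php").write_text('<?php echo "hello"; ?>')
        Path(tmp, "footer.php").write_text(
            f'<?php echo base64_decode("{payload}"); ?>')
        return scan_php_tree(tmp)


if __name__ == "__main__":
    for hit in demo():
        print(hit["file"], hit["calls"], hit["urls"])
```

Legitimate plugins and themes also use base64_decode(), so treat each finding as a file to review against a clean copy rather than as proof of infection.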


Hopefully, the above steps have helped you remove the malware from your website and get it up and running again. It is pretty evident that doing all the stages manually is complex and requires some expertise. You can skip this for professional help. Astra Security can take care of all the heavy lifting for you and give you a clean and secure website in less than 8 hours!

Post Author: Jai

I’m Jai, the man behind Blogging Coffee. I am a professional blogger, Digital Marketer, and Certified Google Partner. I write about Business, Tech News, Travel, Food Recipes, YouTube Trending Videos and Health and Fitness here on Blogging Coffee.
