Site icon

How to resolve WordPress Pharma hack?

WordPress Pharma hack

You are here because you see strange links and ads for Viagra and Cialis on your WordPress website. Did we get it right? If yes, then, unfortunately, your website has been infected with SEO spam. This is a prevalent form of Pharma hack WordPress. Many WordPress websites have fallen victim to this Viagra and Cialis hack.

Since this pharma hack WordPress is a notorious hack, removing it is not always straightforward. Most times, the infection keeps replicating itself, so the hack will persist in your WordPress website unless properly cleaned. With this guide, we will help you understand the hack and how to get rid of it properly.

What is WordPress Pharma hack?

Since drugs like Viagra and Cialis are banned from advertising online, attackers use websites with good SEO ranking to promote these. If your website is vulnerable, they bypass the website security to insert backlinks to shady websites selling these drugs. So, when visitors search for your website, they are met with this spam content and links. These links are sometimes manually added to multiple pages and location on your website. However, in most cases, the attackers add malicious codes that keep regenerating these links even after manually removing them in order to benefit from your website’s SEO juice longer.

What is the impact of Pharma hack WordPress?

If your WordPress website is infected with SEO spam, then things can get pretty bad very quickly. Below are some of the impacts of this hack:

How to identify pharma hack WordPress?

Steps to fix WordPress SEO hack

This hack can be tricky to remove, but the below steps will help you do that.

1. Take backups

Keep a complete backup of your website in a secure location. During analyzing or editing the codes and files of your website, one can use this backup to restore the website if something breaks. The backup should necessarily have the core files, plugins, database, and themes. Once you have it, you can go about with the cleanup process without any worries.

2. Scan your website

Use a professional malware scanner to find malware on your website. This will save you a lot of time and expedite the cleanup process by pointing out the infections’ location.

3. Removing infected files

Using either FTP or file manager, connect to your hosting server and browse through the files in the wp-content folder. If you find any files with extensions such as “.old”, “.class”, or “.cache”, remove them since they were meant to be hidden and probably would be the infectious files.

4. Cleaning .htaccess file

This file serves as the configuration file for the server. Attackers can use this file to install backdoors since it decides how the server processes the requests. And through these backdoors, the malware can replicate even after deleting it from your website. A sample infection code can be as below:

Sample Infectious code

If the “.htaccess” file is beyond salvageable, then you can regenerate a clean file by following these steps:

In your WordPress dashboard, go to Settings and click on Permalink

Save the generated file

5. Remove malicious code

After making sure that you have a complete backup of your website, go through this comprehensive guide on WordPress hack removal for the step-wise diagnosis of your website files.

Here are some steps you can follow to clean your database:

Some examples of malicious entries are:

Pharma hack WordPress takes place by injecting harmful code throughout the website. Once you figure them out, you can remove them. A sample code would be like this:

Sample code harmful to the website

Such codes will keep redirecting you to the attacker’s websites. So if you find any unknown website or domain references, remove them from your website.

Another trick used by attackers is to hide their links in base64 format to avoid any apparent detection. The below code can solve this issue by scanning your PHP files and finding any base64 encodings. Then you can use online tools to decode them and reveal the actual links.

 

Finding Base 64 encoding

Conclusion

Hopefully, the above steps have helped you remove malware from your website successfully and up and running. It is pretty evident that manually doing all the stages is complex and requires some expertise. You can skip this for professional help. Astra Security can take care of all the heavy lifting for you and give a clean and secure website in less than 8 hours!

Exit mobile version