Diagnose, Fix and Prevent WordPress Pharma Hack

It Sucks To Be Hacked!

Last week, I noticed that the traffic on one of my sites was considerably down. Putting it down to my not posting enough, I left it for a few days, but then I noticed that it sank even further. After a little bit of digging and self-googling, I noticed that all the titles in my search rankings on Google were completely poked. Suddenly, according to Google, I was selling dodgy pharmaceuticals! I then realised that I had fallen victim to the infamous WordPress Pharma Hack!


What The Pharma Hack Does

Fixing The Hack

Preventing The Pharma Hack in 3 Steps

After you have found the root cause and removed it, it’s time to tighten up so it doesn’t happen again. Here is a simple 3-step guide to prevent your site from falling victim:

  1. Set permissions of all files to 644 and folders to 755.
  2. Install plugins to alert you (see below).

I installed a couple of plugins, some of which monitor my WordPress files and alert me of any changes, and others that scan my blog for any security holes. Some plugins to check out are:

  • WordPress File Monitor - Monitor files under your WordPress installation for changes. When a change occurs, be notified via email.
  • WP-MalWatch - WP-MalWatch is a WordPress security plugin that performs a nightly scan of your WordPress blog looking for evidence of malware.
  • TAC (Theme Authenticity Checker) - Scan all of your theme files for potentially malicious or unwanted code.
  • Audit Trail - Audit Trail is a plugin to keep track of what is going on inside your blog by monitoring administration functions. It does this by recording certain actions (such as who logged in and when) and storing this information in the form of a log.
  • WP Secure - WordPress Security Plugin - Perform over 23 Basic Security Activities for your blog and get a free malware scan at the same time!
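
Steps 1 and 2 can also be checked from the shell. The script below is an added example, not code from the original post: it audits and applies the 644/755 modes, then keeps a SHA-256 manifest to report changed files, which is the job the file-monitoring plugins perform. The function names are hypothetical, and it assumes a POSIX shell with `sha256sum` available.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes a POSIX shell plus sha256sum (GNU coreutils).

# Step 1 check: print files that are not 644 and directories that are not 755.
audit_perms() {
    find "$1" \( -type f ! -perm 644 \) -o \( -type d ! -perm 755 \)
}

# Step 1 fix: apply the modes the post recommends.
fix_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Step 2: write a sorted SHA-256 manifest of every file under $1 to $2.
# Keep $2 outside the web root so a compromised site cannot rewrite it.
make_baseline() {
    (cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort) > "$2"
}

# Step 2: print paths added, removed or modified since the manifest in $2.
changed_since() {
    _now=$(mktemp) || return 1
    make_baseline "$1" "$_now"
    # comm -3 keeps lines unique to either manifest; strip the hash column.
    LC_ALL=C comm -3 "$2" "$_now" |
        sed 's/^[[:space:]]*[0-9a-f]\{64\}  *//' | LC_ALL=C sort -u
    rm -f "$_now"
}

# Demo on a constructed tree (sample data, not a real site).
demo() {
    d=$(mktemp -d) && mkdir -p "$d/site/wp-content/themes"
    echo '<?php // sample' > "$d/site/wp-content/themes/header.php"
    chmod 666 "$d/site/wp-content/themes/header.php"
    echo "bad modes:"; audit_perms "$d/site"
    fix_perms "$d/site"; make_baseline "$d/site" "$d/base.sha256"
    echo '// constructed edit' >> "$d/site/wp-content/themes/header.php"
    echo "changed:"; changed_since "$d/site" "$d/base.sha256"
    rm -rf "$d"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Passing `demo` as the first argument runs the constructed walkthrough; on a real site, run `changed_since` from cron and mail its output when it is non-empty.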

Time to Recover

Once you have done all the above, and completely removed the hack, you need to get Google to re-crawl your site. You can do this easily enough using Google Webmaster Tools. My hacked site is slowly but surely coming right again, but I can honestly say, this has caused more damage than good. Prevention is definitely the best option here!


If you need a hand cleaning out the Pharma hack from your site, or you have managed to get rid of it, so we can all learn from this, and hopefully prevent attacks like this in future.