What is the Pharma Hack and how can you protect and prevent this attack? It should be noted that the hack only affects WordPress websites.
First let’s discuss the 3 different sides to this hack.
1.) The results of the hack are only visible to search engines not the publicly facing portion. The goal of this hack is to gain valuable links from your pages. You’re not going to be able to see the hack by just looking at the page.
2.) To make this hack more difficult to find and eliminate it places the majority of its malicious code in the WordPress database.
3.)It typically targets only your high ranking pages on your WordPress website.
How do you know your WordPress site has been hacked?
Head on over to Google and type (without quotes) “sites:yourdomain.com “viagra” and if you have been affected by this you will notice your webpages show up. Now these may or may not have incorrect descriptions and titles as a result of this hack.
Now that we know the what let’s talk about the how.
Basically, it consists of two parts.
1.) Malicious files in the WordPress plugins folder
2.)Encrypted code in the database
The plugins folder houses the code that will run the encrypted code hidden in your database. It’s entirely dependent upon the plugins folder.
How to remove the Pharma Hack completely
For this I highly recommend getting a trained professional to remove this. You may start by inquiring with your hosting provider. If not and you’re feeling frisky there is plenty of information online tackling this question.
How to prevent the Pharma Hack in the future
To prevent this attack you will need to look at 3 different areas.
1.) A backdoor to your database
This is the first step in the infection. You will need to clean this up first and foremost.
2.) A backdoor in one or more plugins
After being granted access to the system, a file is generated inside one of the plugins. This should be the next step in removing the hack.
3.) A backdoor in the database used by the plugins
This will be the last cleanup you should tackle but it’s equally as important as all the others. This is the hiding space for the spam.
Of course once this has all been completed it’s very important to set secure passwords for everything. Get rid of the default username of “Admin” and use a password generator to generate a secure password that is less likely to be targeted by a dictionary attack .