Fixing the WordPress Pharma Hack

Nadejda Milanova

Nadejda Milanova · 29th July 2021·WordPress

Fixing the WordPress Pharma Hack

Have you ever seen a weird title for your WordPress website in Google search results? If so, your WordPress site is a victim of the WordPress Pharma Hack. More than 40% of all sites on the Internet use WordPress as their content management system. This popularity has attracted many hackers and SEO spammers to try to steal your website and make money from it by using shady tactics.

Attackers are constantly changing the ways in which they try to break into WordPress websites. These attacks can lead to trust issues and monetary losses for your business, as well as the sudden decrease in website visitors or search engines displaying warnings before accessing your site.

WordPress Pharma Hack

The WordPress Pharma Hack is an illegal technique used by black hat hackers to spread spam using a genuine website. The goal is to sell illicit medicines or drugs to the public, and these hackers use a variety of techniques.

Whenever a WordPress site is infected, it displays pharma ads and content for selling drugs. Often, the text and images are not easily visible to the person who owns the site or other visitors, but they are disguised so cleverly that nothing suspicious will show up on a quick scroll through the website. Your site may look legit, but the Google search engine will still display the (pharma) text or headings.

How does the hack work?

A pharma hack is the use of blackhat SEO in order to advertise illegal medication. They do this by targeting vulnerable websites, which generally lack recent updates, are misconfigured, or neglected. These sites are then exploited with blackhat SEO techniques to boost their ranking on illegal medication. As a result, they're able to use other websites' keyword rankings to drive traffic to their own.

Trying to hide their malicious code in CSS files or the frontend is a quick way to get hacked. The code is usually hidden and you can't see it in the HTML. However, search engines use crawlers to scan for suspicious code, which, if found, will lower your search engine ranking and get your site blacklisted.

It's not easy to find the malicious code that makes a pharma hack active on your WordPress site. One way you know you've been hacked is to look up your site on Google. Finding the problematic code can be difficult, but often if you're not a professional, manually going through everything doesn't work.

Why Do Hackers Need to Infect WordPress Sites?

If you are wondering why do hackers target WordPress sites, there might be a few reasons.

  • They may want to sell drugs or promote illegal medication.
  • They may want to change your website's links to malicious ones.
  • They might want to use your site for phishing.

Your website is a well-known, reputable site. The hacker is trying to trick Google’s PageRank system into ranking the seller’s malicious site high in the search results to sell illegal drugs. The higher the reputation of your website, the better for the hacker.

What can happen when your WordPress site is hacked with the Pharma hack?

The result of a hacked WordPress site with the Pharma hack can give nightmares for website owners. Here is what you may experience if your WordPress site is infected with this hack:

  • Google does not approve of your website. Even if you don't see a notification, Google will blacklist your site and display an alert message for all visitors.

  • This affects the PageRank of your site, which is just one way Google penalizes sites that do not comply with their guidelines.

  • In some cases, Google can also ban your site from displaying in search results.

When hackers infiltrate your website, it could take double the work to get back up to speed. So here are a few things you can do to resolve that.

Fixing the WordPress Pharma Hack

This hack is not easily detectable. If you don't see any symptoms, the site may already have been hacked and you need to scan the code for vulnerabilities, check if your site is under control of hackers, and restore it. You need to follow these steps:

1. Create a backup

Let's make sure you have a backup of your website before fixing any problem! It is always important to have a backup of your WordPress website just in case something goes wrong. Create a complete backup of your site, including the core files, plugins, themes, and the database.

2. Scan for malware

You're backing up your data now, but before you do, you need to scan your WordPress website for malware. There are plenty of tools out there for this, like VirusTotal to flag malware or Astra's Malware Scanner for virus scanning.

All these tools can scan your website for vulnerabilities. They will highlight any suspicious files or codes and help you remove malware rapidly with their convenience.

3. Remove Infected Files

In the /wp-content/ directory, look for files that look like they are plugins or have words in them like .class or .cache.

Hidden files are those that start with a dot (.). If you want to show them, you have to select the ‘show hidden files’ option. Get rid of all hidden files by removing them.

4. Clean-up the Temp Directory

Hackers use the temp directory to avoid corruption when they are hacking your WordPress website. Check for suspicious entries in the /wp-contents/temp/ directory; if you find any, remove them.

5. Re-check the content of the .htaccess file

The .htaccess file is a configuration file that defines how server requests are processed. Attackers can use these files to hack into your website. You should check for any malicious code and regenerate a new .htaccess file from within your WordPress dashboard.

pharma hack code

6. Removing Malicious Code from Your DB

It is always best to back up your database before you start working with it. Working with the database can be a sensitive process, and if you need to undo any changes, a backup can be helpful.

  • Go to your phpMyAdmin panel
  • Choose the database
  • Click on the wp_options table
  • Search for the malicious entries. Some common entries are:

  • wp_check_hash

  • Class_generic_ssupport
  • widget_generic_support
  • Ftp_credentials
  • rss_%

Be careful as not to delete any important information.


If you run a WordPress site, then you may be in danger. For example, WordPress Pharma Hack can take away the name, fame, rankings and revenue of your site if you are not careful. It is hard to know when this type of attack is happening, but if you protect yourself by implementing the right security measures like a website firewall or scanning your site with a malware scanner then you can prevent this type of attack.

If you're not sure how to fix your site that's been hacked by the Pharma, it's always a good idea to get help.

Nadejda Milanova
Nadejda Milanova

An experienced Content creator in the field of Search Engine Optimization (SEO) and WordPress. A true proffesional with a Master's degree focused on journalism.

Read more by Nadejda Milanova
Jivo Live Chat