WordPress and Joomla Pharma Hack

We know of several sites that have been hit with the Pharma Hack, which can affect WordPress and Joomla sites. Bad plugins, dodgy themes and outdated versions of WordPress or Joomla can increase your risk.

Malicious code is injected into your WordPress or Joomla installation, causing Google to display your results with Viagra and other pharmaceutical titles. It also creates many additional bad virtual pages.

e.g.

can buy viagra uk – Your Site title
www.yoursite.co.nz/?info=can-buy-viagra-uk

three tabs viagra Your Site title
www.yoursite.co.nz/?info=all-three-tabs-viagra

Buy Purchase viagra Over The Counter Without Prescription …
yoursite.co.nz/location.asp?loc=42

We know of one site with around 20,000 of these malicious and non-existent pages listed by Google.

The malicious code is very hard to find and may be present in up to 50 files (or more) on your site. Removing it is difficult because it is hard to detect where it actually is.

Cleaning up your site may involve de-indexing it in Google or reinstalling your site completely from a backup.

Only search results are affected; your actual site pages are not compromised. But if Google thinks your site is hacked, it may penalise it anyhow.

In order to see if your site is affected, go to Google, and in the search box, type “site” followed by a colon, then your domain name followed by a space, then “viagra” and finally hit the search button.

e.g. site:yourdomain.co.nz viagra
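
The spam URLs that this search reveals are also requested from your own server, so they show up in its access log. The following added example (not from the original article) scans log lines for spam-keyword query strings like the ?info= URLs shown earlier; the combined log format, the keyword list and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, unquote_plus

# Assumed keyword list, built from the spam titles shown on this page; extend as needed.
SPAM_WORDS = re.compile(r"viagra|prescription|over[-\s]the[-\s]counter", re.I)

# Request target and status from a combined-format access log line (format is an assumption).
LOG_LINE = re.compile(r'"(?:GET|HEAD|POST) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines for illustration (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2014:10:01:02 +1300] "GET /?info=can-buy-viagra-uk HTTP/1.1" 200 5120 "-" "Googlebot/2.1"
203.0.113.5 - - [10/Mar/2014:10:01:09 +1300] "GET /?info=all-three-tabs-viagra HTTP/1.1" 200 5098 "-" "Googlebot/2.1"
198.51.100.7 - - [10/Mar/2014:10:02:00 +1300] "GET /contact/ HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2014:10:03:00 +1300] "GET /?info=can-buy-viagra-uk HTTP/1.1" 200 5120 "-" "Googlebot/2.1"
198.51.100.9 - - [10/Mar/2014:10:04:00 +1300] "GET /?info=buy%20viagra HTTP/1.1" 404 310 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2014:10:05:00 +1300] "GET /?s=opening+hours HTTP/1.1" 200 1800 "-" "Mozilla/5.0"
"""

def find_spam_urls(log_text):
    """Return a Counter of spam-looking URLs that the site answered with 200."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.search(line)
        if not m:
            continue  # not a request line in the assumed format
        query = unquote_plus(urlsplit(m.group("target")).query)
        # 200 means the site returned a page for this spam-looking URL, so it is
        # worth opening and checking; 404 means it did not serve one.
        if m.group("status") == "200" and SPAM_WORDS.search(query):
            hits[m.group("target")] += 1
    return hits

if __name__ == "__main__":
    for url, count in find_spam_urls(SAMPLE_LOG).most_common():
        print(f"{count:5d}  {url}")
```

URLs like the location.asp?loc=42 example above carry no keyword in the address, so this check will not catch them; the site: search remains the broader test.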

To minimise any disruption if you do get hacked, make sure you or your developer has a recent, restorable backup of your full site installation.

Did I say? Make sure you or your developer has a clean backup!

And as in recent articles, make sure you have secure passwords!

If you have been hacked, get in touch with your developer in the first instance.

Some more information is available at http://whatis.techtarget.com/definition/pharma-hack or search for “Pharma hack”.