Pharma Hack through Pro Theme...

Hey guys. We've been, three times now, the target of the WordPress Pharma hack which affects the search engine listings such as google and bing to redirect our website to an online store that sells Viagra.

I was able to go through all my plugins remove, reinstall, and refresh WordPress, check through all the wp-contents and wp-admin, etc... files and there were no issues with them. I religiously update WordPress and every plugin I use and only use a handful of plugins which are regularly updated and very popular (such as Yoast SEO, Jetpack, Wordfence Security, etc...). Last time this happened (two weeks ago) the only thing that returned my access was by switching the theme from 2.4.3 to 2.4.4. There may be a vulnerability in your theme that's affecting this. Just wanted to bring this to your attention as it is repeatedly happening with this site with your theme and none of the others I manage using different themes but same plugins.

Please let me know if you're aware of this or have any ideas on a fix...



  • Hi, @greensunrising

    Can you please share your site URL, so that we can take a close look how your site is responding.


    Presently Google is not affected by it as my temporary fix has been to re-upload the latest theme again under a new name and then apply. Then I delete the old one through my file manager on the server. This allows me access again to make changes and Google properly directs. I assume based on my temporary fix that it is something with the theme. The hack seems to embed itself once a week or so. It's really annoying because it keeps deactivating plugins and removing widgets like the Google Maps one which sometimes does not return properly. Thanks for any help you can provide!
  • Hi, @greensunrising

    Such hack issue can be occurred to any theme. You should keep timely the security checks with your server like to use protocol https:// and also with WordPress site. Hackers can inject malware code any where may be in your theme files ( header.php, function.php, footer.php  ) or in database. You can refer the articles how to be secure from such malware and keep you web site secure. Refer the links for the same: LINK1, LINK2, LINK3 and so on...

  • Thanks for the info @imraz!
Sign In or Register to comment.