The Pharma Hack is very intelligent. Your content is not changed, and when you browse your own site you can detect no change. Search for your site on Google Search and your blog titles and short description will be changed to flogging pharmaceuticals. Search for these blog title changes and you will find none.

From what I have researched, this Pharma Hack is very common. Even spookier, no one knows how sites get infected. This makes prevention more difficult. Somehow some code is changed in one of your plugins and some extra PHP files are added to this plugin. When WordPress is loaded, this plugin is loaded along with this virus. Certain database changes are also changed.

I have checked with my host service provider. Their audit of my site shows no breaches of security and no unauthorized changes to my WordPress blog nor account.

This blog entry from Pearsonified helped me diagnose and immunize myself. Securi‘s tool did not detect the virus. DigWP recommended some really good plugins that hardens WordPress as well as reports file changes. The Ultimate Security Checker grades your site and recommends steps to increase your grade.

It is worth taking these remedial steps to harden your WordPress install. Having someone take destroy your hard work on Google Search really is disappointing. Google Search has already started to reindex my site, a big step in the right direction. A pox on all those that use the Pharma Hack on all unsuspecting and innocent WordPress authors.

Addendum Mar 14 2012: Found a cool tool to detect malicious or suspicious code.

Technorati Profile