Band-Aid (temporary fix) for the WordPress Pharma Google search hack

posted by Drew Pushlar at 2013-12-11 15:39:00

If you have a WordPress site, and your homepage appears to be hacked with the following symptoms:
  • Google's search results display pharma spam garbage (about Cialis, Viagra, etc.) in your homepage's description, rather than your actual meta description or page content.
  • When you visit your homepage and look at the HTML source, the spam description does not appear there.
  • You're pulling your hair out trying to figure out how this is possible.

A quick fix is to go to your active template's folder, edit header.php and insert the following at the very top:


The next time Google crawls / indexes your site, the spam description should go away.

Please note, this is not a permanent solution!!!  The malicious code is still alive and well in your website and database.  However, this should alleviate the symptoms until you can clean up your WordPress installation.  Google "wordpress pharma hack" -- there are apparently many different versions of the hack, so you'll probably have to go through a bit of trial and error to resolve it. You may eventually have to completely re-install everything.  In my case, this happened on a WordPress site that was heavily customized and hand-coded in parts by a previous developer -- so a full re-install was not a viable option.

The reason this band-aid works (at least, it did for me) is that the malicious code was using a buffer to hold onto the output. When it came across the closing title tag, the malicious code checked if the user agent was a searchbot, and if so replaced the closing title tag with the spam meta description and title. My band-aid code simply flushes and ends the output buffer before the malicious code has a chance to do the replacement.

Again, this does not address the source of the problem -- only the symptoms. But if you come across this post and, like me, you've been going nuts trying to figure it out, this will keep your client happy until you can fix the site.
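To confirm the symptom (and to verify later that cleanup worked), you can compare the page head as served to a normal browser with the head served to a search-bot user agent, since the user-agent check described above is what hides the spam from you. The following is an added example, not code from the original post: the function names, user-agent strings, keyword list and sample HTML are all constructed for illustration.

```python
import re
import urllib.request

# User-agent strings for the two fetches (chosen for this example, not from the post).
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0"
CRAWLER_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SPAM_WORDS = re.compile(r"\b(cialis|viagra|pharmacy)\b", re.I)  # illustrative keyword list
TITLE_RE = re.compile(r"<title[^>]*>(.*?)</title>", re.I | re.S)
META_RE = re.compile(r"<meta\b[^>]*>", re.I)

# Constructed sample responses: the same page as seen by a browser and by a crawler.
SAMPLE_BROWSER = ('<html><head><title>Acme Plumbing</title>'
                  '<meta name="description" content="Family plumbers since 1980">'
                  '</head><body>Welcome</body></html>')
SAMPLE_CRAWLER = ('<html><head><title>Acme Plumbing</title>'
                  '<meta name="description" content="Buy cheap Cialis online">'
                  '<title>Cheap Viagra</title>'
                  '</head><body>Welcome</body></html>')


def head_fields(html):
    """Return every <title> text and every meta description in the page, in order."""
    titles = [t.strip() for t in TITLE_RE.findall(html)]
    descs = []
    for tag in META_RE.findall(html):
        if re.search(r"name\s*=\s*[\"']description[\"']", tag, re.I):
            m = re.search(r"content\s*=\s*([\"'])(.*?)\1", tag, re.I | re.S)
            descs.append(m.group(2).strip() if m else "")
    return titles, descs


def compare_views(browser_html, crawler_html):
    """List the ways the crawler's view of the head differs from the browser's."""
    (b_titles, b_descs), (c_titles, c_descs) = head_fields(browser_html), head_fields(crawler_html)
    findings = []
    if c_titles != b_titles:
        findings.append("title differs for crawler")
    if c_descs != b_descs:
        findings.append("meta description differs for crawler")
    if any(SPAM_WORDS.search(s) for s in c_titles + c_descs):
        findings.append("spam keywords in crawler view")
    return findings


def fetch(url, user_agent):
    """Fetch a page with the given User-Agent (network use; not exercised by the samples)."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=15) as resp:
        return resp.read().decode("utf-8", "replace")
```

For a live site, pass `fetch(url, BROWSER_UA)` and `fetch(url, CRAWLER_UA)` to `compare_views`. Legitimately dynamic head content can also produce differences, so read the findings rather than treating them as a verdict.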

posted at: 2013-12-11 15:39:00, last updated: 2014-12-08 15:40:18

