Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
hi andy,
I know your fix. if its things like calias and energy pills etc spam in the top of your header.php file. i fixed mine last week,
if you go to your directory,
wp-content\themes\twentytwelve\header.php will probably be in all your theme files , i had to clear it from 5 .. twentytwelve is example not actual, follow root to all your themes first to check.
you will see a lot of spam at the top of your header text.
message me if you want help.
There are are numerous different Pharma hacks which affect different files differently.
The FAQ initially posted covers most scenarios.
Hi folks,
Allotmenteerist; Thanks for the heads-up on that but sadly, my /header.php files in all themes are A-OK. As I say, this one is not directly on my blog, nor using the theme, etc. – the only thing is it’s using the domain.com/page-format to push across some cialis/viagra pharmacy shopfront. Not my normal line of business!
James Huff; Thanks for that, looks like it’s going to be a day to get comfy at the desk 🙂
You’re welcome, good luck!
Hi All,
Issue resolved – I think – but for the benefit of others (as no other pharma fix seemed to be the answer for me), here’s a quick rundown;
Diagnosis: Random domain.com/cialis(or viagra)-takeaway-in-location/ links. If you look at the source for any of them, they open a frame page full-window from another site (the site you’re looking at, hence it’s no bearing/design or relation to your own site).
Answer: Many people more experienced than I will have a better answer in time. Mine has been to – check all of SUCURI’s “harden” settings that were applicable, replace all WordPress files/folders other than the absolute necessary that I’d checked manually had what they should and nothing more. Delete ANY other file/folder that didn’t belong (I found lots of wp-pass.php, etc. rubbish in my root which when compared with the new install folder didn’t belong – all gone!!). This actually did the trick to be honest, so most can stop reading here.
I then for good measure deactivated, deleted and cleared EVERY plugin I didn’t need and checked all the others quickly for anything odd (FTP and view). I’ve also changed passwords (all – e.g. WP, FTP, etc.) and regen’d the keys. Hopefully…hopefully case closed.
Thanks again to the above for the hand out – first time I’ve had to actually register and not just copy someone else’s fix 😛
Thanks for sharing your solution!
