The pharma hack injects viagra, cialis, casino, or other spam content into your WordPress site — visible to Google’s crawler but hidden from you. Here’s how it works and how we remove it.
How to know if your WordPress site has the pharma hack
- Search your own domain in Google with terms like
site:yourdomain.com viagraorsite:yourdomain.com cialis. If pages show up, you’re infected. - Your search result snippets show spam content when you search for your normal pages — pharma keywords appearing in titles or descriptions.
- Google Search Console flags pages with unusual queries — pharma, gambling, or other unrelated keywords driving traffic.
- You see the infection only when viewing as Google — pharma hacks routinely use cloaking, so visiting your site in a browser looks normal while Googlebot sees spam.
Why the pharma hack is hard to remove
Pharma hacks are designed for persistence. The typical infection includes:
- A backdoor PHP file disguised as a legitimate WordPress file
- Database injections that store spam content in
wp_posts,wp_options, or custom tables - A cloaking layer that detects Googlebot and serves spam content only to crawlers
- A scheduled re-injection task in
wp_cronthat restores the infection if you delete it - Modified
.htaccessrules redirecting specific URLs or user agents
Deleting one piece without finding the others = the infection comes back in days.
How we remove it
- Full external scan with cloaking detection (we crawl your site as Googlebot to see what attackers see)
- Full file scan and database scan — we find every injection point, not just the visible ones
- Backup before any change
- Remove all infection layers — files, database entries, .htaccess rules, and scheduled cron tasks
- WordPress core integrity check — verify every core file against canonical hashes
- Access audit — remove unknown admin accounts, rotate credentials, neutralize any scheduled persistence tasks
- Verify clean — re-scan as both regular visitor and Googlebot
- Optional: Google Search Console reindex request to flush the spam URLs from search results
Want to see what a thorough cleanup looks like? Real case study →
Free pharma hack scan
Send us your domain. We’ll tell you whether pharma spam is present, how deep the infection goes, and what it takes to fix.
Related services
- Emergency cleanup — Site is hacked or flagged. Start here.
- Malware removal service — Full cleanup + access lockdown + Google warning lift.
- Google blacklist removal — Get the Safe Browsing warning lifted.
- Japanese keyword hack — Japanese spam pages + affiliate fraud cleanup.
- Security FAQ — Straight answers on cleanup, care, and recovery.
- Case studies — Real incidents we've cleaned up.
- Site cleanup overview — How our cleanups work end-to-end.
- Ongoing care plan — Monitoring, scans, backups, updates.
- Managed hosting — WordPress hosting with security built-in.