Odd Pharma Hack/Domain Redirect

Hi folks,

Allotmenteerist; Thanks for the heads-up on that but sadly, my /header.php files in all themes are A-OK. As I say, this one is not directly on my blog, nor using the theme, etc. – the only thing is it’s using the domain.com/page-format to push across some cialis/viagra pharmacy shopfront. Not my normal line of business!

James Huff; Thanks for that, looks like it’s going to be a day to get comfy at the desk 🙂

Hi All,

Issue resolved – I think – but for the benefit of others (as no other pharma fix seemed to be the answer for me), here’s a quick rundown;

Diagnosis: Random domain.com/cialis(or viagra)-takeaway-in-location/ links. If you look at the source for any of them, they open a frame page full-window from another site (the site you’re looking at, hence it’s no bearing/design or relation to your own site).

Answer: Many people more experienced than I will have a better answer in time. Mine has been to – check all of SUCURI’s “harden” settings that were applicable, replace all WordPress files/folders other than the absolute necessary that I’d checked manually had what they should and nothing more. Delete ANY other file/folder that didn’t belong (I found lots of wp-pass.php, etc. rubbish in my root which when compared with the new install folder didn’t belong – all gone!!). This actually did the trick to be honest, so most can stop reading here.

I then for good measure deactivated, deleted and cleared EVERY plugin I didn’t need and checked all the others quickly for anything odd (FTP and view). I’ve also changed passwords (all – e.g. WP, FTP, etc.) and regen’d the keys. Hopefully…hopefully case closed.

Thanks again to the above for the hand out – first time I’ve had to actually register and not just copy someone else’s fix 😛