Moderator
James Huff
(@macmanx)
Volunteer Moderator
Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.
Hi Andy,
I know your fix, if it's things like Cialis and energy pills etc. spam in the top of your header.php file. I fixed mine last week.
If you go to your directory,
wp-content\themes\twentytwelve\header.php will probably be in all your theme files; I had to clear it from 5. twentytwelve is an example, not actual; follow root to all your themes first to check.
You will see a lot of spam at the top of your header text.
Message me if you want help.
Moderator
James Huff
(@macmanx)
Volunteer Moderator
There are numerous different Pharma hacks which affect different files differently.
The FAQ initially posted covers most scenarios.
Hi folks,
Allotmenteerist; Thanks for the heads-up on that but sadly, my /header.php files in all themes are A-OK. As I say, this one is not directly on my blog, nor using the theme, etc. – the only thing is it’s using the domain.com/page-format to push across some cialis/viagra pharmacy shopfront. Not my normal line of business!
James Huff; Thanks for that, looks like it’s going to be a day to get comfy at the desk 🙂
Moderator
James Huff
(@macmanx)
Volunteer Moderator
You’re welcome, good luck!
Hi All,
Issue resolved – I think – but for the benefit of others (as no other pharma fix seemed to be the answer for me), here’s a quick rundown;
Diagnosis: Random domain.com/cialis(or viagra)-takeaway-in-location/ links. If you look at the source for any of them, they open a frame page full-window from another site (the site you’re looking at, hence it’s no bearing/design or relation to your own site).
Answer: Many people more experienced than I will have a better answer in time. Mine has been to – check all of SUCURI’s “harden” settings that were applicable, replace all WordPress files/folders other than the absolute necessary that I’d checked manually had what they should and nothing more. Delete ANY other file/folder that didn’t belong (I found lots of wp-pass.php, etc. rubbish in my root which when compared with the new install folder didn’t belong – all gone!!). This actually did the trick to be honest, so most can stop reading here.
I then for good measure deactivated, deleted and cleared EVERY plugin I didn’t need and checked all the others quickly for anything odd (FTP and view). I’ve also changed passwords (all – e.g. WP, FTP, etc.) and regen’d the keys. Hopefully…hopefully case closed.
Thanks again to the above for the hand out – first time I’ve had to actually register and not just copy someone else’s fix 😛
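The comparison against a fresh install described in the post above can be scripted. This is an added example, not part of the original post: the function names, the skip lists, and the constructed sample trees are assumptions, and the clean copy is assumed to be the same WordPress version as the live site.

```python
import hashlib
import os
import tempfile

# Assumption: these legitimately differ from, or are absent in, a fresh download.
SKIP_FILES = {"wp-config.php", ".htaccess"}
SKIP_DIRS = {"wp-content"}  # themes, plugins and uploads need their own review


def hash_tree(root):
    """Map relative path -> SHA-256 for each file under root, minus the skips."""
    out = {}
    for dirpath, dirnames, filenames in os.walk(root):
        if dirpath == root:
            dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if rel not in SKIP_FILES:
                with open(full, "rb") as fh:
                    out[rel] = hashlib.sha256(fh.read()).hexdigest()
    return out


def audit_core(live_root, clean_root):
    """Return (extra, modified) file lists for live_root versus clean_root."""
    live, clean = hash_tree(live_root), hash_tree(clean_root)
    extra = sorted(p for p in live if p not in clean)
    modified = sorted(p for p in live if p in clean and live[p] != clean[p])
    return extra, modified


def demo():
    """Constructed sample: a clean copy and a live site with one stray, one altered file."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        for root in (clean, live):
            os.mkdir(os.path.join(root, "wp-includes"))
            for rel in ("index.php", "wp-includes/version.php"):
                with open(os.path.join(root, rel), "w") as fh:
                    fh.write("<?php // constructed core file\n")
        for rel, mode in (("wp-pass.php", "w"), ("index.php", "a"), ("wp-config.php", "w")):
            with open(os.path.join(live, rel), mode) as fh:
                fh.write("<?php // constructed difference\n")
        return audit_core(live, clean)


if __name__ == "__main__":
    print(demo())  # (['wp-pass.php'], ['index.php'])
```

Files reported as extra are candidates for manual review and deletion; files reported as modified are the ones to replace from the clean copy.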
Moderator
James Huff
(@macmanx)
Volunteer Moderator
Thanks for sharing your solution!