wordpress hacked - pharma links in all posts

Posted on 2011-03-18
Last Modified: 2012-05-11

a customer has his wordpress blog hacked and small links to pharma sites in all posts.

I have found a lot of articles by searching for "wordpress pharma hack" - but I dont find any hacker php files (backdoors) they mention in the wordpress folders, also not the database entries that these articles mention (in wp_otptions table). So no trace at all.... except all these links in every post.

There are no additional plugins installed, so they must have gotten through the wordpress core.

Any input on what hack that could be (and how to fix it)

Question by:netslt
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
LVL 70

Accepted Solution

Jason C. Levine earned 500 total points
ID: 35169816
Hi netsit,

Most likely the server itself was hacked and then a script is run to modify the WordPress files and insert the content.  

You need to contact the hosting provider and get thm to fix it.  
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35172555
Maybe too weak password ? Chenge it now if you haven't done it yet. Make an upgrade.
Does the code appear only AND ONLY in posts ?
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35172558
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users

LVL 31

Expert Comment

ID: 35173873
Which version of Wordpress?

Author Comment

ID: 35174902
it was 3.0
LVL 31

Expert Comment

ID: 35176842
Here is a scanning plugin:

Here is help from the Codex:

Here is a guide to securing Wordpress:

LVL 31

Expert Comment

ID: 35176874
3.0 or 3.0.5?  To stop it from happening in the future might be as simple as keeping Wordpress updated.

Check the database and see if the links are actually saved with the post, or if they are being added from somewhere else.  If they are mixed into the post via the database and you don't have a backup to restore to, you will have to remove them with search and replace tool.

Author Closing Comment

ID: 35249981
I think it must have been a hole on the server because it turned out other wordpress installations on the server where also affected.

Also I did not find any known exploits for the Wordpress Version I used.

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In Part I (, I introduced you to the powerful WordPress backend, the WordPress administrative Dashboard.  In Part II, I will introduce yo…
I annotated my article on ransomware somewhat extensively, but I keep adding new references and wanted to put a link to the reference library.  Despite all the reference tools I have on hand, it was not easy to find a way to do this easily. I finall…
The purpose of this video is to demonstrate how to manually back up a WordPress Database. This will be demonstrated using a Windows 8 PC. The Host used will be Log into your Hosting account. IPage will be used for demonstration : Locat…
The purpose of this video is to demonstrate how to reset a WordPress password if you are locked out and cannot reset the password. A typical use would be if you cannot access the email to which WordPress would send the password recovery email to…

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question