So what’s worse than working late on a Friday? Working all weekend to track down the source of a Pharma Hack. After hours trawling through our databases and examining more PHP files than is wise or healthy without any success, the good folk at Host Gator managed to track down the suspect code and it has been eliminated. Thankfully our PHP database wasn’t also hacked. The site is now back online without any pesky redirects or misleading headers.
Our site’s google index will take a few more days to return to normal, which is unbelievably frustrating, but we’re clean once more, and that’s what matters.
Anyone running a WordPress install should be very careful and keep any and all plugins and themes up to date. We were hacked via an outdated php file that is built into the theme. The developer had updated just 10 days earlier, and I had delayed updated due to some customisation that needed to be backed up and reintegrated, but that 10 days was enough for the vulnerability in our system to be exploited.