How to Fix the WordPress Title Spam Hack

Load up your FTP client and log into the FTP account associated with your WordPress site. Navigate to "/wp-content/plugins." Set your FTP client to view hidden files -- see your client's documentation for instructions on how to do this -- then enter the first plugin folder in this directory. The Pharma Hack files share the following format, and there are usually find two or three of them together:

.pluginname.cache.php

.pluginname.bak.php

.pluginname.old.php

class-pluginname.php

db-pluginname.php

Delete any files with this structure in the plugin folder, then repeat for all your plugins. This effectively removes the Pharma Hack, and spam links will no longer appear on your search results. However, there is additional malicious code in your database which you must remove as well.

Load up phpMyAdmin and click on the database relevant to your WordPress site from the list on the left. Click "Export" and "Go," then choose a location to save the database to. This is so that you have a backup copy -- always backup your database before making changes to your MySQL database, as you can then restore the backup if you make a mistake.

Click "Structure," then the "wp_options" table, then the "Browse" button just to the right of it. Click "Search" and search the "option_name" field for the following malicious entries:

wp_check_hash

class_generic_support

widget_generic_support

fwp

Delete all matches that appear in the search results by clicking the red "X" on the same row as the entry.

Perform a search for "rss_%" -- without quotations. This time, delete all results except the following legitimate entries; in other words, delete all matches apart from these:

rss_language

rss_use_excerpt

rss_excerpt_length

All the malicious code of the Pharma Hack is now removed from your site.