Clutch 5.0 · 35 Verified Reviews · 12,000+ Projects Delivered, Get a Free Quote →

Spam In Your Google Results
That Is Not On Your Site?
This Is The Pharma Hack.

You search your own site on Google and see listings for counterfeit pharmaceuticals, replica goods, or content in a language you do not use, but when you visit the actual page, none of it is there. This is the WordPress pharma hack, and it is built specifically to be invisible to you while fully visible to Google.

CV Infotech finds this injection in the database fields and theme files where it actually lives, not just the visible page output, and removes it completely rather than leaving rows behind that regenerate the spam later.

Database scan of wp_posts and wp_options for hidden spam
Conditional cloaking detection (different content for Googlebot vs visitors)
functions.php and theme file review
Search Console spam annotation review
Full removal, not partial symptom cleanup
Reindexing request after cleanup
$30/hr
Flat rate
512
Reviews
14 yrs
WordPress security
24hr
Response

What The WordPress Pharma Hack Actually Is

The pharma hack injects hidden spam content and links into a WordPress site, historically most associated with counterfeit pharmaceutical sales, though the same technique is used just as often for replica goods, essay-writing services, or Japanese and Chinese-language SEO spam entirely unrelated to the site's real content. The defining trait is cloaking, the injected content is served conditionally, appearing to search engine crawlers but not to a normal visitor or a logged-in admin.

This cloaking is why it goes undetected for so long. The injection typically checks the User-Agent or referrer of the incoming request, and only serves the spam content when it detects a search engine crawler, which is precisely why searching site:yourdomain.com in Google is the fastest way to actually see what the hack has been showing search engines the entire time.

Francisco Escobar's WordPress platform has been checked for exactly this pattern on every scheduled maintenance visit for 14 years, which is why cloaked SEO spam has never taken hold there undetected. That same site: search check and database review is the first thing we run on any pharma hack engagement, and it is a standard part of the ongoing plans at /wordpress-maintenance-service/.

We Search As Google Sees It, Not As You See It

Since the entire hack is built to hide from a normal visitor, we replicate the crawler conditions that actually trigger the spam before concluding anything is or is not present.

Database Rows Fully Removed, Not Just Hidden

Deactivating a theme or plugin can sometimes stop spam from displaying without removing the underlying database rows, which then resurface after any unrelated update.

Search Console Spam Annotations Reviewed

If Google has already flagged specific URLs for spam content, we review those flagged pages specifically rather than relying on a general site-wide scan alone.

Reindexing Requested After Cleanup

Once verified clean, we request reindexing so search engines recrawl and update your listings, rather than leaving stale spam-flagged results live for weeks.

How We Find And Remove The Pharma Hack

wp_posts Content Field Scan

We search the post_content and post_content_filtered fields for injected spam text and links, since this is the single most common storage location and the reason a plugin-only file scan frequently misses this hack entirely.

wp_options Widget and Theme Field Review

Widget content and theme customiser fields stored in wp_options are a second common hiding place, particularly for injections designed to survive a theme file cleanup untouched.

functions.php Cloaking Logic Check

We review the active theme's functions.php for User-Agent or referrer-based conditional logic, which is the mechanism that actually makes the spam invisible to normal visitors while fully visible to crawlers.

Search Engine Simulation Testing

We request pages using a Googlebot User-Agent specifically, replicating exactly how the crawler sees the site, since this is the only reliable way to confirm the cloaking is genuinely gone rather than simply not triggering during a normal browser check.

Search Console Cross-Check

If your Search Console account shows manual actions or flagged URLs for spam, we cross-reference those specific pages against our own findings to confirm nothing was missed.

Full Removal and Reindex Request

Every affected row and file is cleaned rather than deactivated, and we submit a reindexing request once verified clean so search results update rather than showing stale spam listings for weeks.

The pharma hack is one of the most profitable hacks for an attacker precisely because it is designed to survive a superficial check. A site owner glancing at their own homepage will see nothing wrong, which is exactly why this hack can run for months, sometimes longer, quietly damaging search visibility and brand trust with anyone who happens to search the domain directly.

Finding it requires deliberately looking at the site the way a search engine crawler does, not the way a normal visitor does. That distinction is the entire difference between a removal that actually works and one that only appears to, and it is the first thing we check before touching a single file.

This service is not the right choice if:

  • You have already confirmed the spam listings are simply outdated cached results, not an active cloaking injection
  • Your hosting provider's managed plan already includes this type of cleanup
  • You need a full site rebuild rather than a targeted cleanup, see /wordpress-development-company/
  • You are comfortable with database queries and prefer to search wp_posts yourself first

We will confirm which of these applies during the triage call before billing anything.

USA

Compliance: CCPA · Hosting: AWS us-east-1 · Support: EST (UTC-5)

Site and database access during removal is handled in compliance with CCPA, processed on AWS us-east-1 infrastructure and deleted on completion, with updates communicated during EST business hours. Full detail: /web-development-agency-usa/

UK

Compliance: UK GDPR · Hosting: AWS eu-west-2 London · Support: GMT (UTC+0)

UK GDPR governs how any customer or commenter data encountered in the database review is handled. John Gowland's real estate platform build included the same database and Search Console review standard. Full detail: /hire-developers-uk/

Australia

Compliance: Privacy Act 1988 · Hosting: AWS ap-southeast-2 Sydney · Support: AEST (UTC+10)

Privacy Act 1988 obligations are factored into how Australian client data is handled during the review. Laura Maher's ongoing WordPress work with us from Australia runs on this same AEST-aligned support model. Full detail: /app-development-company-australia/

Signs Your Site Has A Pharma Hack

Run through these before assuming anything. Most of these take under two minutes to check.

#ItemWhy It Matters
1Search site:yourdomain.com in GoogleThe single fastest confirmation, spam text here that is not on the actual page is a definitive sign
2Check Google Search Console for manual actionsGoogle often flags spam directly if it has been detected
3Search your brand name plus "viagra" or "cialis"A common combination used by attackers to test if the injection is indexed
4Review recent organic traffic for unfamiliar foreign-language keywordsSudden traffic from unrelated foreign-language queries often indicates cloaked spam ranking
5Check if your site suddenly ranks for completely unrelated termsA red flag if your site starts appearing for queries with no relation to your actual content
6Fetch a page using Google's URL Inspection tool in Search ConsoleShows you what Google actually rendered, which can reveal cloaked content directly

We Check As Googlebot, Not As A Visitor

Since the hack is designed to hide from normal browsing, we replicate crawler conditions specifically to confirm what is really there.

512 Verified 5.0 Reviews

512 reviews on Freelancer.com with a 5.0 rating, from real client engagements.

Full Database Cleanup, Not Just File Cleanup

Spam stored in wp_posts and wp_options is fully removed, not just hidden by a theme change that leaves the rows intact.

Francisco Escobar, 14 Years, Zero Breaches

Client since 2012. His site has been checked for exactly this cloaking pattern on every maintenance visit for 14 years.

How We Find And Remove The Pharma Hack

Six steps from crawler simulation to a verified clean site and reindex request.

1
Crawler Simulation
First 2 hours

We fetch key pages as Googlebot specifically to confirm exactly what search engines are actually seeing.

Crawler-view content confirmed and compared against normal visitor view.
2
Database and File Scan
Hours 2-8

wp_posts, wp_options, and the active theme's functions.php are all checked for the injected spam and its cloaking logic.

All injected content locations identified and documented.
3
Full Removal
Hours 8-16

Every affected database row and file is cleaned, not deactivated, so the spam cannot resurface after an unrelated update.

Injected spam content and cloaking logic fully removed.
4
Close The Entry Point
Hours 16-20

The vulnerability that allowed the injection, usually an outdated plugin or compromised credential, is identified and closed.

Entry point identified and closed, documented for the written report.
5
Search Console Review
Hours 20-22

Any flagged URLs are cross-checked and a reindexing request is submitted once the site is verified clean.

Flagged URLs reviewed, reindexing request submitted.
6
Written Report
Final delivery

You receive the exact location the spam was hiding, the entry point, and confirmation of the reindex request.

Written report delivered covering injection location, entry point, and reindex status.

Frequently Asked Questions

Spam Showing Up In Your Google Results That Is Not On Your Actual Site? We Find Exactly Where It Lives.

$30/hr. Checked the way search engines actually see your site.

$30/hr512 Reviews14 Years24hr ResponseWritten Report