While trying out a new Google plug-in for Chrome, I noticed that Google thought my blog was smattered with pharmaceutical text. But when I checked the site in the browser, everything looked normal. Eventually I figured out my blog was a victim of the WordPress Pharma Hack, which injects text and links only when Google is scanning the site. Apparently it’s part of some Search Engine Optimization scheme to make some sites look more popular than they are.

It took several evenings to figure out what was going on. Along the way I looked at all the sites Google thought I was now linking to. They all seemed to be similarly hacked blogs. I contacted about 20 or so other webmasters to inform them they were also infected, which was an adventure in itself since not everybody likes to put email addresses on their blog. I got some nice responses, including a couple that provided additional information for me to better clean my site.

According to Google there only about 337,000,000 pages left that are infected:

Luckily I wasn’t delisted from Google; maybe the infection has learned how to keep from destroying the host. However, Bing and Yahoo seem to be missing pages from this blog, including the home page, so maybe they’re more sensitive.

I upgraded to the latest WordPress release, which was supposed to be a simple security update. Maybe my host’s PHP is not up-to-date, but several pages broke in the process. I think I’ve fixed the ones I’ve found, but let me know if you see any problems.