How To Identify & Fix Gibberish Keywords Hack?

Updated on

How To Fix Gibberish Keywords Hack


A blog post by the search giant, Google, suggested that there has been an increase in the number of hacked websites by 32% in 2016 as compared to 2015. It was mentioned that 61% of webmasters that were hacked didn’t receive a notification about their infected site as they weren’t registered with a Google Search Console. Google laid an emphasis on registering the website with Search Console, a free service that is used by the search engine to communicate site health alerts.

Amongst the several types of hacks such as Japanese keyword hack, WordPress redirect hack, Pharma hack, DDOS or XSS attack Gibberish hack may leave you wandering through website pages stuffed with frequently searched keywords. This blog is all about What is Gibberish hack in WordPress?, what are its signs?, how can you fix Gibberish keywords wordpress hack ? and related topics. If, your WordPress website is infected with this type of hack or any other, the blog will be helpful in fixing them and running the site properly.

What is Injected Gibberish URL Hack?

Gibberish hack results in the creation of spammy pages that are added to your website. These pages are filled with a non-sensical gibberish-text that is rich in keywords, along with the links, images to manipulate search engines and increase the ranking, traffic of the pages in Google search. On visiting these hacked pages, you will be redirected to an unrelated page, such as a porn site. Hackers generate revenue when people visit these linked pages.

In a few cases related to Gibberish hack some files may be infected, while in other cases, it might appear in a folder including random characters and using varied languages.

Some examples of the type of files affected by the gibberish hack include:


Here are a few examples where it appears as a folder:


The gibberish hack affected page may look like this:

gibberish hack affected page

How is Cloaking and Gibberish hack connected?

Hackers often use cloaking to make it harder for the webmaster/site owner to detect whether the website has been infected or not. Cloaking is a technique that enables hackers to display different URLs or content to the users and search engines, while to the webmaster it may show an empty or HTTP 404 page error.


You can check for cloaking by entering your site’s URLs in the Fetch as Google tool. This tool will help to see the underlying hidden content. In case you find some concerns, it is likely that the website has been affected by gibberish hack.

How to check if my website is hacked?

Foremost, it is essential that your website has been registered with a Google Search Console. To search for the hacked pages, go to Search Console > Security Issue. This will help determine if Google has detected any of these hacked pages on your site.

How to check website is hacked

Another way to discover these pages is by opening a Google Search window and typing in site:[your site] eg . The search results will display all the pages of your website including the hacked pages indexed by Google. Go through a couple of pages and check if you come across any unusual URLs. If Google search doesn’t provide any hacked content, try a different search engine using the same search terms. It might be possible for the other search engines to generate hacked pages that Google may have removed from the index.

How to check if my website is hacked

How to fix Gibberish hack?

Temporarily Take your Site Offline

Before taking into consideration any measures to fix gibberish hack, ensure to take your website offline on a temporary basis. By doing so, you will refrain the users from visiting the hacked pages and give yourself enough time to fix the website properly. By keeping your website online while cleaning it may result in the site getting hacked again.

Essential tips before fixing the hack

The next suggested methods require technical expertise to deal with the website. If you aren’t well sound with the technical end of the site to bring about the required changes, it might be preferable to consult or hire an expert. However, these tips to identify hacked wordpress site will definitely be a great help to resolve the concern.

Additionally, ensure to take a backup of your website before you start to fix it. The backup version will even include the hacked pages and you must refer to it only when a crucial file or content is accidentally deleted. You may seek assistance from the hosting provider, if unsure about how to backup the site or can consult the content management system (CMS) documentation. Ensure to keep a copy of all the files that you work with.

Follow the suggested methods to fix gibberish hack:

  • Check your .htaccess file.
  • Finding and removing other malicious files.
  • Check your .htaccess file.

The gibberish hack makes use of .htaccess file to redirect the users from the original site. The initial step aims at locating the .htaccess file of your site and making a list of all of the files. If you are unaware of how and where to find these files, simply search for .htaccess file location along with the name of CMS in a search engine. The search results might include multiple .htaccess files.

Replace all of these searched files with the default version of the .htaccess file. To obtain the default version of a .htaccess file, search for default .htaccess file and the name of your CMS. For websites that have multiple .htaccess files, you will have to look for a default, clean version for each file and then replace it.

However, in case no default .htaccess file exists and the site had never been configured using an .htaccess file, then the one you find on the website is likely to be malicious. Save a copy of the file before deleting it from your site.

Finding and removing other malicious files

JavaScript and PHP files are the most common types of files that are targeted to hack a website. Gibberish hack makes certain manipulations and modifications in these files. Hackers more often consider two ways to achieve this: The first way is to insert new PHP or JavaScript files on your server. The inserted files might be given a name that is very similar to an existing legitimate file on your site. E.g. the new file named wp-cache.php file against the legitimate file wp_cache.php. The other way is to modify the legitimate files on your server and insert malicious content into these files.

Hackers use keyword replacements to create the spammy pages. You’ll most likely see some type of generic word that can be replaced throughout the hacked file.

<meta name="description" content="{keyword}" />
<meta name="keywords" content="{keyword}" />
<meta property="og:title" content="{keyword}" />
<div style="position: absolute; top: -1000px; left: -1000px;">
  Cheap prescription drugs

E.g. the attackers might add malicious codes to your template or plugin JavaScript file on the site. Like in case of a malicious file named happypuppy.php, was injected into a folder on the site. In addition, the hackers also infected a legitimate JavaScript file called json2.js by adding malicious code to the file. Here is an example of a corrupted json2.js file. The malicious code is highlighted in red and has been added to the very bottom of the json2.js file:

Finding and removing other malicious filesTo effectively detect malicious files, you’ll need to have knowledge about the JavaScript and PHP files on your site. You might have to seek help from your CMS documentation. Once you are aware of the functioning of the files, you should be easily able to detect malicious files that aren’t a part of your site. Also, check the site for any files that have been updated lately.

Recently modified template files should be thoroughly analyzed. Removing malicious content as previously discussed, it is essential to backup the contents/pages of your site before removing or altering any files. If you backup your site on a regular basis, the cleaning up process might take less time and be easy to perform. In case you are not regular with the backups, you may have a few other possibilities. Start with deleting the malicious file, uploaded on the website.For example, in the above described case, you would delete the happypuppy.php file from,password.

For corrupted PHP or JavaScript files like json2.js, you’ll have to upload a clean version of those files to your site.

If you use a CMS, consider reloading a clean and default version of the core CMS and plugin files on your site.

Having discussed the above two approaches to fix Gibberish hack issue, it is clear they require technical expertise. It is likely that most of the webmasters don’t possess the required know-how of CMS, plugins, templates, necessary to overcome the concern. In addition, these manual methods may be time-consuming and often make you consult or hire professionals.

A simple and direct approach to resolve the issue of hacking is by using our wordpress site scanner. You need not be an expert to get your website cleaned. Your WordPress website will be scanned to generate a detailed analysis report. Once the results are obtained, Live WordPress security services are initiated to clear the hacked website of the detected infections.

With 15 years of experience in the field of WordPress, the team provides unmatched and satisfactory results within a short span of time. The high-end developers believe in delivering a secure and efficiently running website.

Concluding Steps


Once your website has been cleaned, use the Fetch as Google tool to check if the hacked content still appears on Google. Ensure to make the website live before checking it using the tool. It is likely that these methods will help clean the website, however, it is essential that you identify & protect wordpress website from any hacks in the future. You can do so by following the wordpress security tips suggested in the next section.

Knowledge Base Articles: