Wordpress Exploits

How To Fix Japanese Keyword Hack In WordPress Site? [2024 GUIDE]

⭐️ Japanese Keyword Hack WordPress



If your website’s search results are returning Japanese text, you may have been the victim of a Japanese SEO Spam or Japanese Keyword Hack. Many site owners have been in contact with us concerning this type of attack. This is similar to SEO spam and pharma hack where the hacker injects large number of auto-generated SPAM keywords/pages in your website with random directory names. In this guide, you will learn What is Japanese keyword hack, How to find & remove Japanese keyword spam in WordPress site using various diagnostic tools & much more (remove spam pages from google search results).


Questions people ask us:

  • Why i am seeing Japanese / Chinese characters on my wordpress site?
  • Need to remove Japanese SEO spam URL’s from google?
  • Hacker injected japanese links on my website. How to remove these from google?

WordPress site hacking was on the rise in 2021 and in 2022 it will see major spike with advent of new vulnerabilities like log4j. We saw that large number of people are asking these questions on Google webmasters support so we thought to come up with this Japanese keyword hack removal step by step guide.


Important Update:

Spam-fighting AI is hardly new to Google’s toolbox. They’ve been employing different kinds of AI to fight spam for many years now. The latest release is supposedly capable of targeting new and existing spam trends to wipe sites with auto-generated and scraped content out of results.  Google reps discussed “Japanese Keyword Hack” while announcing this AI recently.

Google claims they are now 50% more effective at catching this type of spam as soon as it appears. They also announced that the AI would actively target low-quality review sites and shopping sites. – Source


⭐ What is Japanese Keyword Hack?

Also known as Japanese SEO Spam or “Japanese SEO Hack”. It is defined as a WordPress hack, in which a hacker adds large number of pages with titles and content in Japanese language. It can be devastating for your WordPress security and SEO rankings. The Google search results will display the infected pages/Urls/titles in Japanese language. This black-hat SEO technique has been long used by hackers to inject SEO Spam in WordPress Site along with Spam Link Injection

Pages with Japanese text are created under directories with random names like example.com/ferfsedf/fdsfdferc.html/ and so on.

Content Management System (CMS) based websites like WordPress, OpenCart, Drupal or Magento, when hacked, result in the creation of new japanese keyword stuffed pages (usually seen on index.php, tags & category URLs). These infected pages contain affiliate links to stores that sell counterfeit brand merchandise. The hackers generate revenue from these outbound links inserted in your website page.

Consequences Of Japanese Spam Keyword Hack

  • SEO efforts wasted

All your SEO efforts will go down the drain. Google will penalize your website and put it in sandbox. You will loose rankings overnight and it will take months to get them back. Apart from this, huge number of backlinks made could have a long term impact on your site SEO (Read our detailed guide on removing SEO SPAM here). Hacker can add himself as a property owner in Search Console,  by manipulating your site’s settings and this will help him get all the spam pages indexed in google.

  • Google Blacklisting

Google will blacklist your website and de-index it. Anyone visiting your website would be greeted with a google blacklist warning message and in some rare cases your website might get labelled with a “This Site May Be Hacked” message in google. OR Deceptive Site Ahead Warning Message

  • Loss of trust

Your Customers will lose trust in your brand. As your site is hacked, it will lead to stealing of sensitive financial information such as credit cards. It brings a bad name to your branding and your customers may never come back to your site.

  • Loss of revenue / Costs incurred

when your site is hacked and taken offline, your entire revenue source will be shut down. Apart from this, if hacker gains control of your hacked woocommerce or hacked prestashop store, and injects a ransomware in your wordpress site, it will burn a hole in your pocket. Recovering from this hack might be expensive and studies show that very few businesses were are able to recover from this hack.

This is a re-generating hack, you might end up paying huge amounts to security service providers for cleanup of your hacked wordpress.

  • Hosting suspended

If your web hosting provider finds out that your site is hacked. They will also take your site offline and put up a screen showing that your site account has been suspended.

⭐ How To Diagnose Your Website for Japanese keyword spam?

Japanese Keyword Hack is a type of hack that majorly affects the core files and the database of the website. To surf through each file to detect the hack is a tiresome process. You may follow three different approaches to detect if your website has been infected with this type of hack. Below mentioned are the ways to check this hack:

  • Run a security scan:

To start with you can run a security scan here

  • Using Google Search to identify hacked pages

Google search can be the initial step towards identifying the infected pages in the WorPress website. To discover these pages, open the google search and type in: site:[your site root URL]

Google will display all of the indexed website pages, including the ones that have been hacked. Navigate through the search results and check for any suspicious looking URLs. In case you find any of your website with the titles or descriptions in Japanese characters, it is possible that the site has been infected.

However, if Google search doesn’t provide any such hacked content, try a different search engine with the same key terms. There may be a possibility that other search engines display the infected content/URLs that have been removed from the Google index.

  • Using Google Search Console to detect the hacked content

Google advice webmasters to register their websites with Search Console to receive timely notifications in case of hacking. To look for the hacked pages, go to Search Console> Security Issue tool. The tool will verify if any of the hacked pages have been indexed by Google.

  • Use Fetch as Google to detect Cloaking

Cloaking is a common technique implemented by the hackers to display different URLs or content to the users and search engines than they expected. The site owner may be tricked and shown an empty or HTTP 404 page error whereas the site may be still hacked. The Fetch as Google tool in your Google Search Console must be used to check for cloaking. The tool will help see the underlying hidden content.

⭐️ Fixing Japanese Keyword Hack in WordPress

  • Before you start, it is essential that the infected website is temporarily put offline. This will provide you with a time to remove the hack and also prevent the users from visiting the hacked pages.
  • Additionally, take a backup of the core files and the database of the website before making any alterations to them. The backup would also contain the hacked pages and must be referred to only in case the necessary content is accidentally removed.
  • Keep a copy of all the files that you work with.
  • The methods suggested or implemented to resolve the concern requires a technical expertise. It is recommended to seek assistance from a professional to deal with the issue, if you have less knowledge about JavaScript, PHP files or CMS of your site. You may consult us or ask your hosting provider for any help.

Note: If your site was infected with malware and is flagged . It may also show warning “This site may be hacked” in search results.

In order to fix Japanese seo spam from WordPress site simply follow these steps.

  • Remove newly created accounts from Search Console
  • Check your .htaccess file
  • Use Fetch as Google Tool
  • Remove All Malicious Files and Scripts
  • Check Recently Modified Files
  • Check your Sitemap
  • Run a Malware Scan using WP Hacked Help
  • Create list of infected URLs
  • Submit to remove URL tool in search console

For more details, see below:

Remove suspicious accounts from Search Console

Hackers more often use a common way of adding spammy Gmail accounts as admins to make changes in the settings of your website. Check for your Search Console account and find the new users that have been added.

If you don’t recognize any of the user, immediately revoke their access to the website. To confirm the legitimacy of a user, visit the Search Console verification page that will provide you with a list of verified users for the website. By clicking on Verification Details, you can view all the users that are verified for the website.

To permanently delete a user from the Search Console, you can refer to the Remove Owner section of the Managing users, owners, and permissions Help Center. The user can be successfully deleted only after removing the associated verification token.

For example, this was found in a template of one spammy doorway generator:

<meta name="verify-v1" content="JxC+bn8NTCEfKZIdusC9WQELc8FEwbi8p32wf9q0QGA=">

This line of code allows hackers to verify site ownership of compromised sites. Keep a close eye on Malicious Google Search Console Verifications

Check your .htaccess file

The attackers use a .htaccess file to create dynamically generated verification tokens in order to create spammy accounts in Search Console.  .htaccess file is used to create dynamically generated verification tokens,  .htaccess rules to redirect users . In addition, this file is commonly used to trick the users, search engines and redirect them to the malicious pages.

Find the .htaccess file on your site by searching for .htaccess file location in a search engine along with the name of your CMS. From the search results, make a list of all the obtained file locations. Replace all of these .htaccess files with a default version of the .htaccess file.

Steps To Replace Infected .htaccess

You can consider replacing your .htaccess with a entirely new copy. Hackers often use htaccess and create dynamically generated verification tokens to redirect users in case where a wordpress site is being redirected to another site or creating gibberish spammy pages(tags/categories) with viagra etc in urls.

Step 1

  • Locate your .htaccess file in WordPress / search for “.htaccess file location”
  • Make sure to unhide hidden .htaccess files
  • If, you have 1 or more .htaccess files then, Make a list of all of .htaccess file locations.

Step 2

  • Replace all .htaccess files with a clean or default version of the .htaccess file.
  • For multi-sites with multiple .htaccess files, find a clean version of each one and replace.
  • In case of default .htaccess file it might probably be infected
  • Save a copy of the .htaccess file
  • delete the infected .htaccess file from your site.

At times, you might need to check a .htaccess rewrite rule before you apply it, use this tool to test your rewrite rules. Also See – .htaccess hacked Cleanup

Remove All Malicious Files and Scripts

  • You must carefully and thoroughly analyze your WordPress website to detect the malicious code. Most of the hackers target the JavaScript and PHP files to hack a website. The scripts and codes are modified that results in hacked pages. scan your wordpress theme for malware and remove such codes to help cleanup wordpress website.
  • Reinstalling CMS files: For a CMS based website, ensure to reinstall all the core files to clear any hacked content. However, ensure  to keep a backup of all the files prior to the re-installation as the process will result in the loss of any customization that have been made in the files. Also, reinstall files for any plugins, modules, extensions or themes used in the site.
  • It is likely that most of the affected files would have been detected using the methods discussed so far. However, it is necessary that you look for the recently modified files and the sitemap before coming to a conclusion.

Check Recently Modified Files

To search for the most recently modified files, use SSH to login to your web server account and then execute the following command:

find/path-of-www -type f -printf ‘%TY-%Tm-%Td %TT %p\n’ | sort -r

Navigate through the files and see if you find any doubtful changes made to the code.  If so, replace the files with the clean backup version of it.

Check Your Sitemap

It is likely that a hacker adds a new sitemap so that the Japanese SEO Spam pages are indexed quickly. Check your sitemap for suspicious links and if detected, ensure to immediately update your core files with a clean backup version.

Run a Malware Scan To Check

Your web server may be infected with malware and malicious files. It is recommended you scan the server to detect any suspicious files and virus. Check for the Virus Scanner tool in the cPanel provided by the web host.

  • Scan your website using WPHackedHelp

Having listed an array of methods requiring technical expertise, let’s consider an approach that is way smarter, consumes less time and takes the burden off your shoulders. WP Hacked Help deploys a systematic plan to clean up your WordPress website. The site is thoroughly scanned and the detected flaws are dealt by an expert team to provide you with a website free of malicious codes. Within a short span of time, your website will be live up again, running efficiently like before.

  • Check the website in Google once cleaned

It is necessary that you ensure the website is no longer affected by any hacked content. Make your website live and use Fetch as Google tool to detect if any infected URLs/ content is not removed.

The advice presented above is can effectively help you bring your site back to “normal” again. However, once the website is clean, implement security tips to prevent the site from similar attacks in the future.


? How to Remove Japanese URLs from Google Search Results ?

Once you have cleaned up your website make sure to resubmit your website in new google search console via new URL inspection option in updated search console version or open https://search.google.com/search-console/inspect?resource_id=https://xyz.com .

>>You can also manually submit your spammy urls which have been rendering 404 after you have cleaned up your website, via Remove URL option in search console. This will remove your website which was showing spam content from google search results.

>>Check your robots.txt file, make sure to block tags/category pages from googlebot. Update robots.txt in search console too.

>>Then, Go to Old search console interface and select REMOVE URL option as seen in image below. This may be time consuming.It may take 1 week for google to completely remove your Japanese language seo spam pages from search results.

Feel free to request a quote from us for the removal of the Japanese SEO Spam from your WordPress site. If you want us to do this entire cleanup process, you can get in touch with us HERE.

For Your Reference : (Visual Step by Step Guide)

Extra Steps For Japanese SEO Hack removal

  • Change the web hosting/IP address of your website
  • Redesign your website completely on a new server/hosting
  • Create and Resubmit new sitemap in search console

Additional Resources:

https://support.google.com/webmasters/thread/6590503?hl=en

https://developers.google.com/web/fundamentals/security/hacked/fixing_the_japanese_keyword_hack

Listen/Download This Post (podcast):

powered by Sounder

Need Help: Fill out the form below and our wordpress security expert will get in touch with you.

24/7 WP Security & Malware Removal
Is your site hacked or infected with malware? Let us get it fixed for you
Secure My Website(s)

Tags: Japanese Keyword Hack Japanese Search Spam Japanese SEO Spam Japanese Symbol Spam