Follow This Quick Guide to Find & Remove WordPress Japanese Keyword Hack Easily

Are you a website owner whose site is showing strange Japanese text in search results? If so, unluckily, you’ve been the victim of the Japanese keyword hack, also called Japanese SEO Spam.

In this Japanese Keyword Hack, attackers try to capitalize on their victims’ SEO efforts to sell their fake products. The customer gets duped into buying it, which causes irreparable damage to business and reputation, and at worse, site owners are seen as fraudulent.

Further, Google blacklists such websites to protect their users, and even web hosting providers suspend accounts due to a violation of the security policies maintained by them. But don’t worry, no need to panic. You’re not alone, and many website owners face this issue. If you’re questioning how to fix Japanese Keyword Hack, then you’re reading the right blog post. Here, we’ll guide you on tackling this WordPress Japanese Keyword Hack without breaking your site.

Here’s How to Fix Japanese Keyword Hack

Automatically Fixing the Japanese Keyword Hack Using Website Scanner

If you’re among those who don’t have any technical knowledge, then fixing this Japanese keyword hack isn’t easy. But, if you’ve access to a scanner provided by a respected brand name such as Sectigo Web Security Platform, it can reduce your complications. For instance, such scanners can help detect malware like this WordPress Japanese hack and even remove it.

Fixing the Japanese Keyword Hack Manually

Further, this manual process is another way to remove this Japanese keyword hack, where you do everything on your own. But, we recommend avoiding this step as much as possible and not going for it if you don’t have the technical knowledge and not aware of the inner working of WordPress. Because it’s quite time-consuming, and there’s no guarantee that you’ll detect it entirely and get rid of it.

Nevertheless, if you’re interested in doing it manually, then we suggest first take the backup of your site using any tool like CodeGuard back up and then go through the below steps:

1. The first step is to open File Manager under the File section in cPanel in your web hosting account.

cpanel file manager option

2. Open File Manager and in that find and open public_html folder.

cpanel file manager wp options

3. Go to the search option at the top-right corner of the screen and search for spam keywords known for malware signatures. – It’s not easy. There are many of them, and it keeps on updating regularly.

Now, look for the recently modified files on your website. For this, go through the column named Last Modified and see if there’s any change to the file you haven’t touched yet.

Though, be mindful that it’ll take several hours, or sometimes it even takes days because you’ve to go through everything. Once you detect any malicious code, then delete it. We also suggest it’s best to check your .htaccess file as well.

4. Once you detect and remove malicious code, you’ll require to fix the vulnerability that lets hackers get into your website because it can infect your site again if it’s kept open.

Other Steps to Take After Removing This Japanese Hack Malware Manually or Through Scanner

After fixing the Japanese Keyword Hack, some other steps that you should take are like:

1. Removing Unrecognized User Accounts From the Google Search Console

Go through the User and Property Owners section and check if there’s any unrecognized user who has admin access. If you find any user who you’re aren’t aware of, then revoke their access. Usually, hackers make use of odd Gmail account name as admins, so they can make use of it to change your site settings such as geo-targeting and sitemaps.

2. Verify wp-config file

The wp-config file is the utmost important file in your website configuration, and it’s something most hackers go after. If any hack like this Japanese keyword hack occurred on your website, then it’s likely that the attacker may have kept malicious content in this file too. So, be sure you scan that file and remove unknown and strange content for resolving this hacking issue.

Though, editing the wp-config file is not easy, as even one mistake can create a whole mess, such as making your website down. First, it’s recommended to take one copy of the wp-config file and make a new file out of it. Once you complete the process, delete the previous infected wp-config file.

3. Replace Theme, Plugins & Core Files

Go to WordPress.org and download the fresh and updated version of the theme and replace it with the originally installed versions infected core files, and for plugins also do the same.

4. Verify Uploads Directory

Check all the files of wp-content/uploads directory for any blacklisted extensions such as .js, .ico or .php. If you find any files with such extensions that include rot13, evaluation, strev, base64_decode, and gzinflate, then eliminate those files as it can be malicious.

5. Check Sitemap

Verify the sitemap of your website. There are chances that the hacker may have done some modification or have made a new sitemap for quick indexing of the Japanese Spam pages. If you find any malicious links in your site’s sitemap, update your CMS’s core files from the last clean backup.

Further, once you remove the Japanese keyword spam hack from your website, it’s best to take proper precautions, or there’s a chance it’ll come back. For ensuring that your site stays secure in the future, make sure you’re:
  • Having a firewall in place to prevent hackers from gaining access to your website.
  • Protect login page from brute force attack by implementing features like two-factor authentication or limiting the login attempts if password or username is not correct.
  • Scan your site for malware regularly.
  • Keep site theme and plugins updated.

Fixing the Japanese Keyword Hack From Google Index

Once you remove Japanese Keyword hack malware from your website and make all the patches, you’ll still have to go through one more procedure. And, it’s to remove those hacked pages from the Google Index. For removing from Google Indexing, go through the below steps:

Steps to Manually Remove Hacked Pages From Google

  • Search for “site:.com”. It’ll show all the indexed pages of your website.
  • Browse through search results and note down all the URLs infected by the Japanese Keyword hack into one CSV file.
  • Go to “Google Search Console” and navigate to the “URL Removal Tool” page.
  • Now, paste URLs of all those hacked pages into the “Remove outdated content” and request removing it from Google Index.

Steps to Automatically Remove Hacked Pages From Google

  • Go to “Google Search Console” and go to the “Coverage Report” session.
  • Select the “Valid Pages” option.
  • Request for downloading URL list in CSV file format from the Indexed, that’s not submitted in sitemap page.
  • Duplicate that CSV file, strip the index.php and permalink of all URLs that are hacked.
  • Install “Bulk URL Removal” extension in Google Chrome from Chrome web store.
  • Go to the “Removal Outdated Content” page in the Google Search Console and upload that CSV file under an option named “Upload Your File.
  • It’ll automatically submit all the listed URLs, and the system will show a popup message, and once the submission succeeds, you get notified.
  • After the completion of the URL submission, the system will show you a popup message. Bypass it by selecting the option “Cancel.” Then, that installed extension will continue to submit another URL from that list.

What Is the Japanese Keyword Hack or Japanese SEO Spam?

The Japanese SEO spam or the Japanese keyword hack is one of the notorious malware infections done by hackers. In this Japanese SEO Spam, hackers hijack your site’s search engine ranking by compromising them and injecting spammy URLs and keywords.

After their attack, whenever your site gets indexed by Google, your site’s search results will display manipulated results. In other words, your site will show Japanese texts as your site won’t be ranking for the keywords you targeted but the Japanese keywords injected by the hackers.

japanese-keyword-hack-malware
For example, the above image displays that hackers had attacked and injected malware on the sitemap page of one of the websites, which resulted in displaying Japanese keywords in the Google search results like:
japanese-keyword-hack-on-google
Further, the Japanese Keyword hack attack is usually made to generate revenue by injecting affiliate links of stores that sell fake products. So, whenever someone visits your site and click on that affiliate link and buys the product from there, the hackers will get the commission.

How to Identify if Your Website Is Infected With the Japanese Keyword Hack

Japanese keyword hack is a hack that usually affects the database and core files of the website. To go through each file for detecting this hack is a tiresome process. However, other three different methods for detecting this Japanese keyword hack infection in your site are:

Google Search for Identifying Hacked Web Pages

Initially, you can look through Google search to find out whether this attack has infected your website. To discover such web pages, go to google search and type in: site:[your site root URL] japan.

xjapanese-seo-spam-in-google-search
Now, once you hit enter, Google will start displaying your website’s indexed pages, including those that have been hacked. Go through search results and look for any malicious looking URLs. If you find any page of your website with the Japanese characters in the titles displayed in the search results, it means the Japanese Keyword hack has infected your site.

Here’s another example, where an entire home page is loaded with Japanese characters. It’s an obvious sign that the website has been a victim of this attack.

example of japanese hack

Note: Google search on another device or computer if you don’t find the result on your system

Google Search Console for Detecting Hacked Content of Your Website

Google recommends website owners and webmasters to register their websites with Google Search Console. So you get timely notifications regarding any security issue or if your website is hacked like this Japanese keyword hack.

japanese-seo-spam-google-search-console-security-issue
To find out the affected page, go to Google Search Console > Security Issue section. Once you click on this Security Issue, it’ll provide details on hacked pages that have been indexed in Google.

Fetch As Google for Detecting Cloaking

Cloaking is one of the common methods hackers use to display different content or URLs to users and search engine instead of the original. If you, as a site owner, get duped and shown an HTTP 404 error or an empty page, then it’s a sign that your site is hacked. However, you can use Fetch as a Google tool through Google Search Console to check about cloaking. It’ll help look at the page’s hidden content showing the page is empty or throwing an HTTP 404 error message.

fetch as google fetching option

How the Japanese Keyword Hack Affects Your Website

Below are some of the consequences you may face if your website gets attacked by the Japanese Keyword hack and goes unnoticed for a long duration.

Loss of Trust

Whether you’re running a blog, business website, or shopping portal, building trust with site visitors takes time. Further, if your site gets hacked, there’s the chance of your site visitors’ confidential information to be stolen, and visitors may even get tricked into purchasing fake products.

Ultimately, site visitors will lose trust in your website and may never come back again. And even if you fix the issue, rebuilding trust will take time.

Damage to SEO Efforts

Once your site gets hacked, search ranking can impact bad ways because hackers use black hat SEO techniques that aren’t approved by Google. Further, hackers also create numerous backlinks that can even ruin your site’s backlink profile.

Google Blacklists Your Website

Google gives priority to easy user navigation and the satisfaction of the user. Your website should be helpful to users. Instead, if your website gets hacked and users risk their information, or else it starts harming user’s data or gets duped into buying fake products, Google will make sure that your site stays out of their platform. Google will start deindexing your site and even blacklist it. So, whenever someone tries visiting your website, a warning message like the below is shown:

google-blacklist-warning

Your Hosting Provider Suspends Your Website

Suppose your site is hacked and goes unnoticed by you for a long time. In that case, a respected hosting provider such as WordPress hosting providers or Joomla hosting providers won’t tolerate this and will likely suspend your account and take down your website. It’s done because most web hosting providers have policies that require all site owners to maintain strict security measures. So, if your site is hacked, it means you’re violating that policy.

Likewise, if your website is hosted on a shared server, it can even put other websites at risk and may even take more server resources, which even interfere with other sites.

Loss in Revenue

It’s obvious once your site becomes the victim of an attack such as the Japanese Keyword hack, it gets blacklisted and taken down, and you’ll even lose revenue. For those of you who run an eCommerce website, it means losing sales. Other websites may lose on ad revenue or affiliate revenue and much more.

Further, the hacker can even get full control of your website and may even demand a ransom amount from you by holding all critical data on your website as a hostage. If you’ve any eCommerce site or any other that requires strict security policies, we suggest going through this website security tips article that may prove helpful.

Increased Recovery Costs

Businesses spend thousands of dollars on cleaning hacked websites. Companies lose more than a billion dollars every year, redeveloping all security protocols and paying legal penalties thrown on them. However, it doesn’t mean you also have to go through it.

Sometimes it happens, but these are some of the major consequences you can face. It should clarify why you should act instantly and add proper security layers so you don’t have to go through such hassles.

Closing Thoughts

In today’s date, cybercrime isn’t an unheard-of thing. If you’ve got a website, then it’s quite normal if you happen to come across such attacks. However, how you deal with it and how you prevent happening in the future is the main thing.

For instance, if you become the victim of this Japanese Keyword hack attack, you must clean your website, request Google to deindex those hacked pages, and further, it’s also recommended that you don’t come across such attacks again.

Here, we’ve discussed what this hack means, how you can remove it and how you can prevent it in the future, what are some of the consequences you can face if you don’t act promptly on it.