How to Fix the Japanese Keyword Hack in WordPress?

The spam-related hack known as Japanese keyword hack generates new pages on your WordPress website that contain automatically generated Japanese text. The hackers manipulate your website’s settings by adding themselves as property owners in Search Console, aiming to increase their revenue. If someone attempts to hack your website, you will receive a notification stating that an unknown person has verified your website in Search Console.

You can identify this type of hack by first checking the security issues tool in the “Search Console” to see if Google has detected any of these hacked pages on your website. Another way to discover the Japanese keyword hack is to enter “site:_your website url_” in the Google Search window, using the root level URL of your website.

To verify if your website has been hacked, browse through a few pages of the search results and see if you can identify any other URLs. When you open these hacked pages, they may redirect you to another website or contain nonsensical content. You may even encounter an error message stating that the page does not exist or a “404 forbidden error”.

The hackers use cloaking techniques to make you believe that the page is removed or fixed. Cloaking involves presenting different content or URLs to human users and search engines. You can identify this by entering the site’s URLs in the “Check URL tool”.

Resolving the Japanese Keyword Hack in WordPress

To address this situation, the first step is to clean your website as soon as possible. If you fail to do so, Google may blacklist your website, causing it to be unavailable in Google search engine results and inaccessible through Chrome browsers. Follow these steps to clean up the Japanese keyword hack.

1) Create a backup of your website

Always make sure to save offline copies of your files before removing them. This allows you to restore them later if needed. It is recommended to back up your entire website before starting the cleanup process. You can do this by saving all your files on the server or using the backup option provided by your Content Management System (CMS). Make sure to back up the database as well. Compress the backup file to prevent malware from infecting the site after cleanup.

2) Check the Google Search Engine Console

You can delete any sitemap that was not submitted by you by logging into your “Google search engine” and accessing the “sitemaps” page. Also, review the users who have access to the website property and remove any owners or users that you did not create from the managing users, owners, and permission settings. You can view all verified user details by clicking on “Verification Details”.

3) Review your .htaccess File

Go to the root directory of your WordPress website and access the “.htaccess” file using your Hosting Panel File Manager. Check for any rules set in the .htaccess file. Alternatively, you can remove the .htaccess file and create a new file with the same name, then add the default WordPress .htaccess rules and save it.

4) Copy the WordPress Configuration Database Connection Strings

The hackers may also target or infect the WordPress configuration file named “wp-config.php”. Remove any unwanted content from this file that is not present in the default wp-config.php file. If you are unsure about differentiating the default content, you can copy your WordPress database connection strings and paste them inside the “wp-config-sample.php” file, replacing the default ones. Then delete the wp-config.php file and rename wp-config-sample.php to wp-config.php.

5) Replace Core Files

To remove the hack or malware infection, it is best to delete all your website files and upload the new files downloaded from WordPress.org. Make note of the WordPress version details on your site and delete all the root core files and directories of WordPress. Download the WordPress version that your site was using from WordPress.org and upload all the files and directories you previously deleted.

6) Replace all WordPress Themes and Plugins

You should also replace all your WordPress themes and plugins following the same steps as mentioned above. Before doing so, make a note of all their names and versions. Download them again from WordPress.org or another trusted source. Then delete all existing theme and plugin directories and upload the ones you just downloaded. Replace your wp-content/index.php file with the default one. 

7) Check Uploads Directory

Inspect your wp-content/uploads directory for any .php, .js, and .ico files. Look for any unusual file names and check the content of those files for weird characters or strings. If you find any such files, delete them. Also, ensure that your media file directory under wp-content/uploads does not contain any .php, .js, or .ico files.

8) Re-examine your Website using Google

After following all the above steps, monitor any file changes made and review them. If they appear legitimate, request Google to re-evaluate your website from the Search Console. After a few days, Google should whitelist your website and send you a reply.

How to Remove the Japanese Hacked Pages from Google Index

Even after cleaning your WordPress website, it is important to remove the Japanese hacked pages from the Google index. You can do this by following the steps below.

1) Remove Hacked Pages from Google Manually

1. Search “site:<yoursite>.com” to view all the pages of your website indexed by Google.
2. Browse through the search results and note down all the URLs of the Japanese hacked pages in a CSV file.
3. Login to “Google Search Console” and go to the “URL Removal Tool” page.
4. Paste each of the Japanese spam pages into the “Remove outdated content” tool and request their removal.

2) Remove Hacked Pages from Google Automatically:

1. Login to “Google Search Console” and navigate to the “Coverage Report” section.
2. Select the “Valid Pages” option.
3. Request to download a list of those URLs as a CSV file under the “Indexed, not submitted in sitemap” page.
4. Create a duplicate of the CSV file and remove the index.php permalink from all the URLs that contain it.
5. Add the “Bulk URL Removal” extension to your Google Chrome browser for automated removal.
6. Visit the “Remove outdated content” page in the Google Search Console and upload the CSV file under the “Upload Your File” option. The tool will automatically submit the listed URLs, analyze them, and request their removal. If the submission is successful, you will receive a notification. After submitting one URL, a popup message may appear, which you can bypass by selecting “Cancel”. The extension will continue to submit the next URL in the list.

That’s how you can deal with a Japanese keyword hack. If you need further assistance, please reach out to our support department. You can also leave a comment in the comment section below, and we will get back to you as soon as possible.