How to Fix the Japanese Keyword Hack in WordPress?

The Japanese keyword hack is a spam-related hack that creates new pages with autogenerated Japanese text on your WordPress website. The hackers add themselves as a property owner in Search Console, to increase profits by manipulating your site’s settings. If someone tries to hack your site, it notifies saying someone you don’t know has verified your site in Search Console.

The identification of this type can be made by first checking the security issues tool in the “Search Console” to see if Google has discovered any of these hacked pages on your site. By typing “site:_your site url_” in Google Search window with the root level URL on your site can also help uncover Japanese keyword hack.

To identify if your site is hacked, flip through a couple of pages of the search results to see if you can identify any other URLs. When you open such hacked pages, it redirects to some other site, or the site may contain some babbled contents. Even it can throw an error saying the “page does not exist” or “404 forbidden error”.

Hackers use the cloaking process to make you believe that the page is gone or fixed. Cloaking is the practice in which different content or URLs present to human users and search engines. We can identify this by entering the site’s URLs in the “Inspect URL tool”.

Fixing the WordPress Japanese Keyword Hack

The first thing to be done in such a situation is to clean your site as soon as possible, or Google will blacklist your website, and your site visitors won’t be able to find your site in Google search engine results nor visit it through their Chrome browser. By following these steps, we can clean the Japanese keyword hack.

1) CREATE A BACKUP OF YOUR SITE

Always keep an offline copy of the files before you remove them so that you can use the same to restore later. It is always better to back up your entire site before you start the cleanup process. This process can be done by saving all your files on the server to the location of your server or can use the best backup option available for your Content Management System (CMS). It is essential to back up the database as well. It is important to compress the backup file to avoid malware infecting the site after the cleanup.

2) CHECK THE GOOGLE SEARCH ENGINE CONSOLE

You can delete the sitemap, which wasn’t submitted by you by logging into your “Google search engine” and navigating to the “sitemaps” page. Also, check the users who have access to this site property and remove any owners or users not created by you from the managing users, owners, and permission Help Center. You can view all the verified user details by clicking on “Verification Details”.

3) CHECK YOUR .HTACCESS FILE

Browse to your WordPress site root directory and access the “.htaccess” file using your Hosting Panel File Manager. Check for the rules set under the .htaccess file. The other way to do this is to remove the .htaccess file and create a new file with the same name, then add the default WordPress htaccess rules and save it.

4) COPY THE WORDPRESS CONFIGURATION DATABASE CONNECTION STRINGS

The hackers also like to target or infect the WordPress configuration file named “wp-config.php”. Remove unwanted contents from this file that are not available in the wp-config.php default file. If you are not an expert in differentiating the default content, then you can copy your WordPress database connection strings and paste them inside “wp-config-sample.php” and replace the default ones. Then go and delete the wp-config.php file and rename wp-config-sample.php to wp-config.php.

5) REPLACE CORE FILES

It is best to delete all your site files and re-upload the new files downloaded from WordPress.org to remove a hack or malware infection. Please note down the WordPress version details for your site and delete all WordPress root core files and directories. Then download the WordPress version your site was using from WordPress.org and then upload all the files and directories you have deleted.

6) REPLACE ALL OF YOUR WORDPRESS THEMES AND PLUGINS

All the WordPress themes and plugins need to be replaced as same as the above step. Before doing that, you need to note down all their names and versions, then download them from WordPress.org or any other site from which you have downloaded the same first. Then delete all current theme and plugin directories and upload the ones you just downloaded. Then replace your wp-content/index.php file with the default one. 

7) CHECK UPLOADS DIRECTORY

Check all your wp-content/uploads directory for any .php, .js and .ico files. Check all these files for any weird file name. Then check the content for weird characters and strings inside the file. If you find any such file, then delete the same. Also keep in mind that your media file directory under wp-content/upload should not contain any .php, .js or .ico files.

8) RE-EXAMINE YOUR SITE USING GOOGLE

After following all the above steps, monitor any file changes made, and audit them. If they seem to be legit, then ask Google from your Search Console to re-consider your site.  After a few days, they should whitelist your site and send you a reply.

How to Remove your Japanese Hacked Pages from Google Index

You need to remove your Japanese hacked pages from the Google index, even after cleaning your WordPress site. You can remove those pages using the below steps.

1) REMOVE HACKED PAGES FROM GOOGLE MANUALLY

1. Search “site:<yoursite>.com” to view your site indexed pages.
2. Browse all the search results and note down all the Japanese hacked page URLs into a CSV file.
3. Login to “Google Search Console” and navigate to the “URL Removal Tool” page.
4. Paste each of those Japanese spam pages into the “Remove outdated content” tool and then request for removal.

2) REMOVE HACKED PAGES FROM GOOGLE AUTOMATICALLY:

1. Login to “Google Search Console” and visit the “Coverage Report” session.
2. Then select the “Valid Pages” option.
3. Then request to download a list of those URLs as a CSV file under the Indexed, not submitted in sitemap page.
4. Duplicate the CSV file and strip the index.php permalink all the URLs which contain it.
5. Add the “Bulk URL Removal” extension to Google Chrome for the automatic removal process.
6. Visit the “Removal Outdated Content” page in the Google Search Console and upload the CSV file under the “Upload Your File” option. It automatically submits the listed URLs, and then it analyzed and requested for removal. If the submission succeeds, then it notifies you. After the submission of one of the URLs, the system shows a popup message; you can bypass it by selecting the “Cancel” option. After that, the extension continues to submit the next URL in the list.

So, this is how you can deal with a Japanese keyword hack. If you need any further help, please do reach our support department. Or, you can also comment down in the comment section to reach us. We will get back to you with help as soon as possible.