Being hit by the Japanese Keyword Spam hack can be devastating! You’d see that your search results are displaying random Japanese content.
Why is this happening to you? Similar to a pharma hack, these hackers capitalize on your SEO efforts and use your website to sell counterfeit brand merchandise. And as a result, your customers can be duped into buying these items which can cause irreparable damage to your business.
Once customers realize the products are fakes, you can be sure they’ll never return to your site. Your reputation could be ruined as you’d be pegged as fraudulent.
When you’re WordPress site is hit with such an attack, we know the level of panic it creates as the malware infection is so widespread!
At MalCare, we’ve seen one too many victims of the Japanese SEO spam hack. So don’t worry, we’ve got you covered. We’ll show you the right way to fix it and then we’ll guide you on how to make your site secure so that hackers are kept out!
If your WordPress website has been infected with a Japanese keyword hack, you need to fix it immediately. It only gets worse the longer your site remains hacked. We recommend using MalCare Security Plugin to detect the hack and clean it immediately.
What is Japanese SEO Spam Hack?
The Japanese SEO spam is a dreaded malware infection wherein hackers inject spammy Japanese words into your pages. Once these hacked pages get indexed by Google, your appearance on search results will be manipulated. So your website will start ranking for these Japanese keywords.
If you want to check if your site is a victim of this hack, visit Google and type in ‘site: yourwebsitename.com japan’.
In the example below, we didn’t even need the word ‘Japan’ to see the hack.
Next, the hackers also inject affiliate links to stores that sell counterfeit products on these pages. In some infections, hackers create thousands of their own SEO spam pages with affiliate links.
If someone visits your site, clicks on the affiliate link, and buys the product, the hacker gets a commission. This is how they generate revenue from their hack.
Tip: This type of hacker would usually add themselves as a property owner in Google Search Console. They do this so that they can manipulate your site’s geotargeting settings and sitemaps. This allows them to change the country your website is targeting, or change it from local to international targeting. If you see a notification of a Search Console verification for your site, you should check if you’ve been hacked immediately. We’ll show you how but first we want to cover just how serious this hack is.
Consequences of being hacked by Japanese Spam
If you’re a victim of the Japanese SEO spam hack, there are dire consequences to face.
1. Customers will lose trust
Building trust with customers takes a long time, whether you run a blog, a business, or an eCommerce store. When your site is hacked, confidential business information and customer data could be stolen. Customers could be duped into buying fake products.
In such an event, customers most likely will never come back to your site. Rebuilding that trust could be an insurmountable feat.
2. Your SEO efforts are damaged
Your search rankings will take a hit as hackers use blackhat SEO tactics that Google does not approve of. They also create thousands of backlinks that could ruin your backlink profile.
3. Google Blacklist
Google’s first priority is user experience and satisfaction. So, if your website could potentially harm users or put them at risk (of having their data stolen or being duped into buying fake products), Google would feel it in their best interest to take your site of their platform.
Your pages will be deindexed and your site will be blacklisted. Visitors who try to access your site will be displayed a warning:
4. Webhost suspension
Your web hosting provider will also take your site offline and suspend your account if they find out that their site is hacked. This is because they usually have strict policies that require you to implement security measures on your site. Being hacked means you are in violation of that policy.
Apart from this, if you are using a shared server, you could jeopardize other website’s performance and security. This is because your hacked site will eat up more server resources.
5. Loss of revenue
Needless to say, when your site is hacked and taken offline, you would lose revenue every minute. For eCommerce stores, this means losing out on sales. Other websites could lose out on ad revenue and affiliate revenue.
Plus, once hackers have control of your website, they can also demand more money from you by holding your website hostage and demanding a ransom. If you have an eCommerce store, you can check our WooCommerce Security tips.
6. High recovery costs
Businesses have forked over thousands of dollars to clean up hacks. Companies lose $400 billion to hackers every year in clean up costs, rehauling security protocols and paying legal penalties.
A study showed that 60% of businesses never recover from hacks and shut shop within 6 months of the hack. Recovering from such a hack has proved to be expensive!
These are just some of the high-impact consequences you could face. Now, you can understand why we need to clean this up promptly and also add layers of security so that it doesn’t happen again.
Detecting a Japanese SEO Spam Hack
Detecting Japanese SEO Spams is tricky because hackers cleverly disguise their malicious activities on your site. They use a method called cloaking which disguises the spam Japanese characters from the site owner, but the search engines will be able to pick it up.
They may do this by keeping the font color the same as the background color or making the font size really tiny. Hackers may hide the keywords in the header or footer too.
There are two main ways to find the Japanese SEO Spam Hack – manually and using a security scanner.
Manual Method of Finding and Fixing Japanese Keyword Hack
As we mentioned, hackers disguise their spam keywords using a technique called cloaking. Trying to find the this type of hack manually requires technical knowledge of the inner workings of WordPress. Not to mention, it’s time-consuming and you simply cannot guarantee that you’ve detected all of it.
Nonetheless, if you want to try this method, we suggest taking a backup of your site and then proceeding. This will ensure you don’t lose any data or can recover your site in case you break it while you remove malware.
Manual Detetion Throught cPanel
To manually detect the hack, you need to connect to your website using File Manager in cPanel of your web hosting account (Or using an FTP client like FileZilla).
Next, you need to find the public_html folder like so:
Next, using the search option on the top-right of the screen, you can search for the spam keywords by searching for known malware signatures. (There are thousands of them and new ones spring up every day).
You should also look for recently modified file on your site. You can do this by looking at the ‘Last modified’ column to see if hackers recently made changes to files you haven’t touched.
This could take several hours or even days and you need to be thorough because this hack could be in multiple places.
Once you detect the malicious codes and delete them. We recommend that you check your .htaccess file as well.
After this, you need to find and fix the vulnerability that allowed the hacker to enter your site, If that is still present, they can come back and infect your site again.
We don’t recommend the manual detection method to clean up a WordPress Japanese keyword hack. Years ago, the manual detection method was easy as hackers usually placed their hack in certain folders. But over time, they’ve grown smarter and hide malware in places you wouldn’t think to look. Therefore, this method has proven to be ineffective and the hack will most likely show up again.
An effective solution that we recommend is a WordPress Security Scanner.
Using a security plugin to find the Japanese Spam Hack
There are WordPress Security Plugins that are capable of scanning files and looking for thousands of malware infections in just a few minutes.
One thing to bear in mind here is that some of these plugins can only find known malware. This means any new code created by hackers will be missed. So there are chances that a malware scanner tells you your site is clean when it’s actually hacked.
Tip: Sometimes hackers use the same code that is also used by some legit plugins and themes. Security scanners that look for known WordPress malware signatures may detect this legit code. It will then alert you that your site is hacked even though it’s really not.
So while a security plugin is preferred over the manual method, here too, you have to choose the right plugin. To detect a Japanese keyword spam hack, you need the following in a plugin:
- Scan every file locations and folders of your website in under a few minutes
- Check for cloaking of disguised and hidden malicious code
- Detect any malicious code – known or new – by analyzing its behavior and execution
- No false indications that the site is clean when it’s not
MalCare is one such plugin that can meet the above requirements. It combs through every nook and corner of your site, not just detecting malicious code, but also analyzing code. This enables it to find any kind of malware present. So even new malware created by hackers will be detected. It does all this in just a few minutes and will alert you if your website is hacked, like so:
How to clean a Japanese Keyword Hack
To fix the Japanese Keyword Hack is a not an easy work, so it’s only natural to be worried about how complicated cleaning it up is going to be. But with MalCare, it’s just one click.
Once the hack has been detected, you can clean up the malware yourself by clicking on ‘Auto-clean’:
As we mentioned earlier, sometimes the hacker’s code is also used in plugins/themes. If you delete the code used by the plugin/theme, your site could break.
We recommend using MalCare because it analyses the code’s behavior and patterns. This enables it to be 100% sure if it’s malware or not. It will remove all malicious files and scripts without breaking your site.
This brings us to end on cleaning up the Japanese SEO Spam malware. But we’re not done yet. Your website was hacked because there was a vulnerability on your site that allowed a hacker to get in.
There are follow-up steps you need to take to ensure you’re rid of the hack.
Steps to be taken after cleaning a Japanese SEO spam hacked website
- Clean Search Console – Login to your Google Webmasters Search Console. Check if any users were added recently. If you don’t recognize them, delete those accounts from Search Console.
- Remove Google Blacklist – If Google blacklisted you, you need to submit your site for review. Take a screenshot of your site being clean and attach it to your site submission.
- Remove web host suspension – If your account was suspended by your WordPress host provider, you need to contact them via customer support and inform them that your site is now clean. They will unsuspend your account.
- Clean Backlinks – Go to your backlink profile on Search Console and identify all spam links created. Make a list of the spam links and submit it for Google to disavow links.
- Check Google Search Results – Type into Google, the same search query ‘site:yourdomain.com japan’. Also, do a search for just ‘site:yourdomain.com’.
- Replace your .htaccess file – The .htaccess file is used to create redirects and hackers exploit this file to redirect your website visitors to their own sites. The MalCare plugin would’ve taken care of this. But as a precaution, you can replace the .htaccess file with a fresh copy using File Manager. Recommended read: How can I create a .htaccess file
Site Security: How to prevent the Japanese Keyword Hack
Before we wrap up on Japanese SEO Spam, we’d like to share a few tips on how to prevent such hacks from happening on your website.
Many times, we see WordPress site owners install a free security plugin on their site and that’s it. Security is taken care of. But this is far from sufficient.
There are measures you need to take in order to keep your website secure and to protect your users and yourself. We recommend:
- Updating your site – One of the major reasons why WordPress sites get hacked is because they’re running on outdated software. Update your WordPress installation and any themes and plugins installed on your site.
- Deleting unused themes and plugins – Every extra plugin/theme you have on your site is another opportunity for a hacker to try to get in. Remove all inactive plugins and themes to stay safe.
- Hardening your website – WordPress.org recommends certain specific hardening measures to implement on your website so that it’s hard for hackers to break in. Here’s all you need to know about website hardening: 12 ways to harden your WordPress Site.
- Installing an SSL Certificate – If you don’t already have one, we recommend installing an SSL certificate on your website immediately. If your budget is tight, you can get a basic one for free at LetsEncrypt. This will ensure data transferred to and from your site is encrypted and safe from hackers.
Hackers prefer to target sites with relaxed security measures as they’re easy to break in. Once you implement these measures, hackers will see that your website is hard to break in. More often than not, they’ll move on to find an easier target.
We hope after following the steps in this article, your website is free from the Japanese keyword hack for good!
But remember, getting hacked needn’t be a one-time affair as hackers are constantly on the prowl. If you want to make sure this doesn’t become a recurring nightmare, you need to keep a reliable security guard on-premises.
We recommend our MalCare security plugin as it will ensure your site is regularly scanned to spot any suspicious activities promptly. It also puts up an active WordPress firewall plugin that blocks malicious IP addresses and bad bots from ever visiting your site.
With this plugin active on your site, you can be at peace knowing your website is well-protected!