What Is the Japanese Keyword Hack?
The Japanese Keyword Hack, also known as the Japanese SEO Spam Hack, is a form of search engine cloaking where hackers inject Japanese language content and spammy links into your WordPress site often without altering the frontend you or your users see.
This hack exploits your website’s SEO reputation to:
- Insert fake Japanese e-commerce pages
- Redirect search engine traffic to spam or phishing stores
- Damage your search engine rankings and trustworthiness
How the Hack Works Behind the Scenes
This attack uses a multi-layered infection method:
| Method | Description |
| Database Injection | Spammy Japanese content is inserted into your wp_posts and wp_options tables. |
| File Injection | PHP backdoors are placed in files like functions.php, wp-config.php, and often inside wp-content/uploads. |
| Cloaking Mechanism | Malicious code checks if a visitor is a bot (Google) or a real user — and serves different content accordingly. |
| Sitemap Hijack | A fake sitemap is created and submitted to Google, flooding your indexed URLs with spam. |
| .htaccess Modifications | Conditional redirects may be added based on IP or referrer. |
Hackers may use obfuscated PHP functions (eval(), base64_decode, gzinflate, etc.) to hide malicious payloads.
Symptoms of the Japanese SEO Spam Hack
These are the most common indicators:
👁️ Visible Symptoms:
- Japanese characters or product listings (セール, 安い, etc.) appear in Google search results, but not on your actual pages.
- Search Console alerts: “Hacked content detected.”
- Your site title/meta in search appears in Japanese.
- Increased bounce rate from organic traffic.
🔍 Hidden Technical Signs:
- Fake pages like https://yoursite.com/セール-時計/ indexed by Google.
- New sitemap submitted (e.g., sitemap_japan.xml).
- Unknown users or plugins in WordPress admin.
Suspicious cron jobs or unfamiliar .php files in wp-content/uploads/.
Step-by-Step Guide: Removing the Japanese Keyword Hack
Step 1 – Scan Your Site (Externally & Internally)
External:
- Use Sucuri SiteCheck or VirusTotal to check indexed spam.
Check your site’s results on Google using:
site:yourdomain.com セール
site:yourdomain.com 時計
Internal:
- Install Wordfence or MalCare to scan core files and themes.
Use SSH or FTP to search for:
grep -r ‘base64_decode’ .
grep -r ‘eval(‘ .
Step 2 – Audit WordPress Files
Focus on:
- functions.php
- wp-config.php
- .htaccess
- Any unknown files in wp-content/uploads, wp-includes
🚨 Warning: Some malicious code is obfuscated or injected with whitespace or comments — don’t assume it’s safe because it “looks empty.”
Step 3 – Clean the Database
- Go to phpMyAdmin and search tables like:
- wp_posts
- wp_options
- wp_users
- wp_posts
- Look for Japanese terms, iframe injections, or base64-encoded content.
📌 Tip: Use SQL queries to speed this up:
SELECT * FROM wp_posts WHERE post_content LIKE ‘%iframe%’ OR post_content LIKE ‘%<script%’;
Step 4 – Remove Rogue Sitemaps & Reset .htaccess
- Look for fake sitemaps like:
- /sitemap_japan.xml
- /sitemap_index.xml (overwritten)
- /sitemap_japan.xml
- Replace .htaccess with default WordPress version:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ – [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Step 5 – Re-secure and Re-submit to Google
- Delete any unknown admin users
- Change all admin passwords and salts
- Submit cleanup request via Google Search Console:
- Use “Security Issues” tool
- Submit reconsideration request if penalized
- Use “Security Issues” tool
- Submit new, clean sitemap
How to Prevent the Japanese Keyword Hack (Permanently)
| Best Practice | Details |
| 🔐 Strong Passwords | Use a password manager and require 2FA for all admins. |
| 📦 Only Trusted Plugins | No nulled or third-party plugins/themes from shady sources. |
| 🔄 Keep Everything Updated | WordPress core, themes, and plugins must always be current. |
| 🔍 Scheduled Scans | Use Wordfence/MalCare for daily scans and alerts. |
| 🧱 Harden wp-config.php | Disable file editing and directory browsing. |
| 🧰 Backups | Use UpdraftPlus or BlogVault for automated, off-site backups. |
Tools to Help You
| Tool | Purpose |
| Wordfence | Real-time malware scanner + firewall |
| MalCare | One-click cleanup and backup |
| Sucuri | External monitoring, blacklist removal |
| UpdraftPlus | Automatic backups to Google Drive, Dropbox |
| Google Search Console | Detect indexed spam, submit sitemap |
Final Thoughts: Don’t Just Clean — Fortify
The Japanese Keyword Hack is a SEO-driven cyberattack that often comes back if not completely cleaned. Many WordPress users remove the visible symptoms but leave behind backdoors, cron jobs, or fake admin accounts resulting in reinfection.
Cleaning it thoroughly means:
- Deep file and DB audits
- Resetting access credentials
- Fixing your SEO presence in Google
Need Professional Malware Removal?
Tired of battling the same malware over and over? Let our security experts deep-clean your site, harden it, and protect it long-term.
📞 Request a free malware assessment
