The Japanese keyword hack adds thousands of spam pages in Japanese to your WordPress site, then redirects them to fake retail sites for affiliate fraud. Here’s how to identify and remove it.
How to know if your site has the Japanese keyword hack
- Google Search Console shows hundreds or thousands of new pages in Japanese — URLs you didn’t create
- Search Console may show a Manual Action for “Hacked: Content injection” or “User-generated spam”
- You see Japanese-language results when searching
site:yourdomain.comin Google - Some URLs on your site redirect to fake Amazon, Walmart, or other retail clones when accessed
- Your site’s verified ownership in Search Console gets unexpectedly transferred — this is a common late stage of the attack
What’s actually happening
The attacker uploads a backdoor PHP file that creates thousands of dynamically-generated pages, indexes them in Google, and redirects the resulting traffic to fake online stores for affiliate commissions. The infection typically includes:
- Backdoor PHP file(s) creating the spam pages dynamically
- Modified
.htaccessfor redirect routing - Sitemap.xml manipulation to feed the spam pages to Google
- Spam content injected directly into your WordPress database
- Often: addition of a fake Search Console verified owner so attackers retain control even after cleanup
How we remove it
- External scan + cloaking check — we crawl as Googlebot to see what Google sees
- Full file and database scan — locate every spam injection and backdoor
- Backup
- Remove all backdoors, generated pages, and database entries
- Reset sitemap.xml and check
.htaccessfor malicious rules - Check Search Console verified owners — remove any unauthorized owner accounts
- Access lockdown — unknown admin accounts, credentials, scheduled tasks
- Submit reindex request to Google so the spam URLs fall out of the index
- Submit Manual Action review if Search Console flagged one
The Search Console verified-owner check is the part most cleanups miss — and the reason Japanese hack victims often see the infection return weeks after a “successful” cleanup.
See what a thorough cleanup looks like →
Free Japanese hack scan
Send us your domain. We’ll check for Japanese keyword injection, cloaked redirects, and unauthorized Search Console owners.
Related services
- Emergency cleanup — Site is hacked or flagged. Start here.
- Malware removal service — Full cleanup + access lockdown + Google warning lift.
- Google blacklist removal — Get the Safe Browsing warning lifted.
- Pharma hack removal — Viagra/cialis/casino spam injections.
- Security FAQ — Straight answers on cleanup, care, and recovery.
- Case studies — Real incidents we've cleaned up.
- Site cleanup overview — How our cleanups work end-to-end.
- Ongoing care plan — Monitoring, scans, backups, updates.
- Managed hosting — WordPress hosting with security built-in.