More than 51% of hacked websites contain SEO spam. Clearly, SEO spam attacks are a very common form of attack. SEO Spam can be of different kinds, one of the most pervasive ones include – the PHP Japanese keyword hack. Do you see strange Japanese words spread throughout your website? If yes, then your website has been a victim of PHP keyword hack, also known as, PHP Japanese Keyword hack.
In a PHP keyword hack, auto-generated gibberish texts start appearing on pages all over our website. Attackers register themselves as owners of these texts and hijack search engine results. These pages also often contain links to websites selling fake merchandise. This shows how attackers monetize from the insertion of these illicit and malicious links. A PHP Japanese keyword hack, pages start appearing with arbitrary Japanese titles and descriptions in search engine results. Such types of SEO attacks are also known as “Japanese SEO spam” or “Japanese symbol hack”.
How does this PHP keyword hack affect my website?
Cyber-attacks can cause short term effects as well as long term effects on a website. Cases like an SEO spam hack or SEO poisoning leave behind a trail of destruction that might be very difficult to rectify. In these cases, even after you have removed the malware and cleaned the malicious links, it is almost impossible to restore your SERPs and Google ranking back to what they were before the hack instantly. Which is why PHP keyword hacks are all the more detrimental.
Not to forget that a lot of effort goes into creating a website and building its reputation. A website’s branding is often the first casualty of a PHP Japanese keyword hack.
In fact, while investigating PHP keyword hack on one of our client’s website, we found that there was a sharp decline in visitors right after the website was hacked. Metrics such as total clicks, impressions, and even average CTR and position saw a decline during the time the website was hacked. Also, since SEO of the website took a hit, it left a lasting impact.
How to confirm PHP keyword hack?
Identify the hack using Google search engine
You can find pages that contain Japanese spam texts by using the command in Google search: site:[root site url] japan. This command will show up those pages from your website that contains the word “japan”. If you find any such pages then there is a PHP keyword hack on your website.
Take a look in Google Search console
Google search console contains all information about your website and is widely used by webmasters to control and maintain their websites. Once you log into the console, navigate to the “Security Issues Tool” option, and check all the results. If there is any PHP keyword hack present on your website, it might be listed.
Run your website through a scanner
Using a PHP Japanese keyword hack checker tool you can easily detect any hack within your website without all the hassle. In this link, you will find Astra’s PHP Japanese SEO hack scanner. This scanner will go through your entire website and find every infected page for cleanup.
Fixing the PHP Keyword hack
Backing up your website
Having a backup of your website is always a good idea as it can come handy to quickly install a fresh copy of your website and bring it up back online. However, before cleaning this malware, ensure that you have a backup of your website. In case something goes wrong, you can load up your backup version.
Verify any new user accounts in Google search console
In most cases, attackers have access to admin privileges and through it, they can change the settings of your website or install the PHP keyword hack. After you log in to your Search Console, check all the users that have admin access. If you find any unknown or suspicious users, remove them as they might be attackers.
Check your ‘.htaccess’ file
The ‘.htaccess’ file is one of the most important files for a website. Once attackers have access to it, they can redirect users and search engines to harmful pages or websites. If you have a clean copy of the file, replace the infected one with it. Audit the code and if you find any suspicious code snippets, you can comment them out by using “#”.
Verify the sitemaps in your website
Attackers often edit sitemaps or add new ones to make their links indexed faster. Check existing sitemaps and make sure that there are no unknown or addition or edits. If you find any new sitemaps, check them to see if they contain spammy links.
Check wp-config files
The Wp-config file holds all the configurations of your website. If attackers get access to this file, then they can easily edit the file to add malicious links and change the settings to make the PHP keyword hack more effective.Open the file and check if there are any recent unknown edits. Editing this file can be a risky task, as any deletion of vital files might bring down your website. Take a backup of this file before you make any changes in this file, which you can use in case of any unwanted errors in the file.
Remove uploaded malicious files
To find malicious files uploaded on your website you can go to the wp-content/uploads directory. Look for files that have blacklisted extensions such as ‘.php’, ‘js’ or ‘.ico’. Such files are often malicious in nature and are the cause of PHP keyword hack. Remove all such files to stop the hack.
Replace all core files, plugin and theme files
If you have a clean backup of your core files, you can replace the infected files with the backup files. It will ensure that all harmful codes or settings are undone.
Use a malware scanner
Using a malware scanner such as Astra’s will find any hidden malware on your website and remove it. It will crawl through your entire site and identify any harmful files or programs that might be purposefully hidden by attackers to make it difficult to detect and remove.
Also, check our detailed PHP Hack & Malware Removal Guide for more comprehensive steps.
It takes a lot of time and effort to build up a brand image and a simple PHP Japanese keyword hack can ruin it all. Even if you are able to proactively remove the hack, the impact can linger on, and recreating the reputation might feel like starting from scratch. By following a few simple steps such as below, you can keep your website safe from these hacks:
- Change all default passwords and use strong alphanumeric passwords for your account. Additionally, using 2 Factor Authentication will strengthen your website’s security and protect your users
- Use firewalls such as Astra, to keep harmful elements at bay. Astra’s security suite automatically protects your website and stops all malicious requests from even reaching your website. You can learn more about our security service here.
- Have regular backups of your website. Having a clean copy of your website is always helpful and especially in case, your website is brought down by attackers. Using the backup copy will allow you to quickly bring it back online. Most hosting servers provide options for automatic periodic backups
Investing in your website’s security is something that reaps benefits in the long run and prevents any potential losses. We understand how much hard work went on creating your website, and we at Astra can provide you the best security solutions for your website. With us, you will never have to worry about your website’s security.