In recent months, we have seen a sharp rise in the number of WordPress websites that have been infected with Japanese keywords or content cloaking malware. This malware is designed to destroy the SEO of a website by injecting Japanese keywords into the website’s content or by cloaking the website’s content with irrelevant content. In this article, we will explore the Japanese Keywords Hack and malicious content cloaking in more detail. We will also discuss how to detect and prevent these attacks, focusing on safeguarding your WordPress website.

What is Malicious Content Cloaking?

Malicious content cloaking is a technique used by hackers to show different content to search engine crawlers and human visitors. This is done in order to deceive users and trick them into clicking on malicious links or downloading malware.

Here are some of the ways that malicious content cloaking can be used:

  • Promoting spam content: Hackers can use malicious content cloaking to promote spam content, such as fake news articles or advertisements for counterfeit products. This can be done by displaying different content to search engine crawlers, which will then rank the website higher in search results.
  • Tricking users into clicking on malicious links: Hackers can use malicious content cloaking to trick users into clicking on malicious links. This can be done by displaying different content to search engine crawlers, which will then link to the malicious website. When human visitors click on the link, they will be taken to the malicious website, where they may be infected with malware.
  • Distributing malware: Hackers can use malicious content cloaking to distribute malware. This can be done by displaying different content to search engine crawlers than to human visitors, so that the page is indexed normally while human visitors who open it see a malware download in their browser.

Japanese Keywords Hack

The Japanese keywords hack is a type of content cloaking that targets WordPress websites. It injects gibberish Japanese text into the title and description of the website’s content, and then adds a large number of auto-generated links to the page. These links are not visible to human visitors, but they are displayed to search engine crawlers. This allows the hacker to manipulate search engine results pages (SERPs) and rank the website higher for Japanese keywords.

Pharma hacks

These hacks target people who are searching for healthcare products online. The malicious website will display a legitimate-looking landing page to human visitors. However, when a search engine crawler visits the website, it will see a different page that is filled with spam content. This content may promote fake or counterfeit drugs or even try to steal personal information from visitors.


Clickbait

Clickbait is content that is designed to attract clicks, often with misleading or sensationalized headlines. When a user clicks on a clickbait link, they may be taken to a website that is filled with spam content or malware.

Detecting Malicious Content Cloaking

Detecting malicious content cloaking, Japanese keyword hacks and Pharma hacks requires vigilance and regular security checks.

  1. Use the site: operator in Google Search to see all the indexed pages on your website. Check whether the results show your legitimate content or instead show Japanese keywords, pharmaceutical products, or anything else that doesn’t belong to you.
  2. In Google Search Console, check for newly added site owners, recently added sitemaps you don’t recognize, and a large number of newly indexed pages under “Indexing.”
  3. Use a reputable remote security scanner, such as SecureWP Security Scanner, to identify potential cloaking and vulnerabilities. It only takes a few seconds to get an instant report on website security, including content cloaking and Japanese keywords.
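A manual version of the check in step 3, as an added example that is not part of the original article or of any scanner's code: it compares the HTML of one URL as served to a browser and as served to a crawler, and flags Japanese text or links that only the crawler sees. The function names, the 0.3 threshold and both sample responses are assumptions constructed for illustration; fetching the two views of your own page is left to you.

```python
import re
from html.parser import HTMLParser
# Hiragana, Katakana and CJK ideographs: the scripts this hack injects.
JAPANESE = re.compile(r"[\u3040-\u30ff\u4e00-\u9fff]")

class PageSummary(HTMLParser):
    """Collect the title, meta description and link targets of one page."""
    def __init__(self):
        super().__init__()
        self.title, self.description, self.links = "", "", set()
        self._in_title = False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (a.get("name") or "").lower() == "description":
            self.description = a.get("content") or ""
        elif tag == "a" and a.get("href"):
            self.links.add(a["href"])
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def japanese_ratio(text):
    chars = [c for c in text if not c.isspace()]
    return len(JAPANESE.findall(text)) / len(chars) if chars else 0.0

def cloaking_report(browser_html, crawler_html, threshold=0.3):
    """Compare one URL's HTML as served to a browser and to a crawler."""
    b, c = PageSummary(), PageSummary()
    b.feed(browser_html)
    c.feed(crawler_html)
    jp_b = japanese_ratio(b.title + b.description)
    jp_c = japanese_ratio(c.title + c.description)
    extra = sorted(c.links - b.links)  # links only the crawler is shown
    # A genuinely Japanese site scores high in both views, so use the gap.
    return {"title_differs": b.title.strip() != c.title.strip(),
            "japanese_ratio_crawler": round(jp_c, 2),
            "crawler_only_links": extra,
            "suspicious": (jp_c - jp_b) >= threshold or bool(extra)}

# Constructed sample responses for one URL (not captured from a real site).
BROWSER_HTML = '<title>Acme Bakery</title><a href="/menu">Menu</a>'
CRAWLER_HTML = ('<title>激安 ブランド 通販</title><meta name="description" content="人気 商品">'
                '<a href="/menu">Menu</a><a href="/?p=a1">x</a><a href="/?p=a2">y</a>')
print(cloaking_report(BROWSER_HTML, CRAWLER_HTML))
```

A clean result from a User-Agent comparison alone does not rule out cloaking, because malware can also decide what to serve based on the visitor's IP address or referrer; the site: search and Search Console checks above still apply.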

Cleaning a WordPress Website with Content Cloaking Malware

We recommend hiring a reputable website security company to clean up a compromised WordPress website, but you can take some initial steps yourself.

Here are the initial steps you can take to clean up a compromised WordPress website:

  1. Scan your website for malware. There are many reputable website security scanners available that can help you to scan your website for malware. Once you have scanned your website, you will be able to see if there is any malicious content present.
  2. Remove the malicious content. Once you have identified the malicious content on your website, you will need to remove it. This may involve editing your website’s code or using a security tool to remove the malware.
  3. Patch your website’s security vulnerabilities. Content cloaking malware often exploits security vulnerabilities in websites. Once you have removed the malicious content, you should patch any security vulnerabilities that were exploited. This will help to prevent the malware from being re-installed on your website.
  4. Change your passwords. If you think that your website’s passwords have been compromised, you should change them immediately. This will help to prevent the malware from accessing your website again.
  5. Monitor your website for suspicious activity. Once you have cleaned your website of content cloaking malware, you should monitor it for suspicious activity. This includes looking for spikes in traffic, login attempts from unauthorized IP addresses, and changes to your website’s code.
  6. Harden your website with a WordPress security plugin. In addition to the steps above, you can also harden your WordPress website’s security by installing a security plugin. There are many reputable WordPress security plugins available, such as Wordfence, Sucuri, and iThemes Security. These plugins can help you to scan your website for malware, block malicious traffic, and harden your website’s security settings.

 

Dropping Spam Pages from Google Search

In addition to the steps above, you should also audit your Google Search Console account for any unauthorized site owners or sitemaps. Content cloaking malware often adds new site owners and submits spam sitemaps to Google Search Console. You should remove any unauthorized site owners and sitemaps from your account. You may also want to remove any spam pages from search results that have already been indexed. You can do this using the Removal Tools in Google Search Console, as explained in this blog post.

Prevention Strategies

Safeguard your WordPress website with these proactive measures:

  1. Regular WordPress Updates: Stay current with WordPress security updates, curbing vulnerabilities that hackers exploit.
  2. Robust Passwords: Bolster defenses with strong, regularly changed passwords.
  3. Install Security Plugins: Leverage reputable security plugins to scan for vulnerabilities, block malicious traffic, and more.
  4. Discerning Plugin Choices: Exercise caution while selecting plugins, opting for trusted ones with positive reviews.
  5. Trusted Plugin Sources: Only download plugins from reputable sources like the WordPress Plugin Directory.
  6. Regular Backups: Regularly back up your website to restore its original state if a compromise occurs.

For further insights on safeguarding your WordPress site, explore our other informative blog posts: “Top 10 Tips to Strengthen Your WordPress Site’s Security” and “How to secure WordPress website from hackers.”

These resources provide invaluable guidance for maintaining the highest level of protection for your digital assets.