Are you unable to log in to your website's CMS? Are you being redirected when trying to access your website? Maybe, you've received a notification that unknown user(s) are being added to your Google Search Console.

Most importantly, do you notice Japanese text showing up in the search results when you enter your website on Google? Even award-winning websites sometimes face this issue.

If so, your website has become a victim of the Japanese Keyword Hack.

What is a Japanese Keyword Hack?

It's a malware infection wherein hackers inject spammy Japanese texts into your web pages. Then, when Google indexes these pages, your appearance on search engines is manipulated, and your website starts ranking for Japanese keywords.

Hackers do this to promote things that would otherwise not be allowed under Google Ads or search policies. Since visitors don't realise that you're a victim of the hack, they would consider it a poor experience. Even if they know it, they may get scared of having the malware attack their website, making them leave quickly.

Diagnosing the Japanese Keyword Spam on your Website

In order to diagnose the malware, you have to deep scan your website – using a tool and/or manually scanning.

Use a reliable website scanner that deeply scans your website for every instance of the Japanese Keyword Hack. The scanner should look into every file and database table for malware code. Some recommended tools are Indusface WAS, Sucuri, and Google Malware Checker, to name a few.

You can use other diagnostics such as:

> Check search results for your site. Use the site:mysiteurl.com Japan to look for evidence of the Japanese Keyword Hack on your website

> Check the number of search results. Does the number match the number of pages you have created on the website? The Japanese keyword malware can add 100s or even 1000s of pages to your website.

> Find out the users on your Google Search Console for any odd users. Also, check your sitemap, a different one from what you added to your website. The new sitemap must be added by an unauthorised user and will certainly contain spam pages.

> More than one .htaccess file

> Check the Security Issues to see if Google’s scanners have flagged suspicious content while crawling your website.

> Use a URL inspection tool to check if the page is genuinely unavailable or is using cloaking to show a different version.

How to Fix the Japanese Keyword Hack

Once you have identified the hack, you need to remove it from your website. You can do this manually or by using a security plugin such as Wordfence or Sucuri Security. If you are not comfortable doing this yourself, consider hiring a professional to help you.

Other ways to fix and prevent the Japanese Keyword Hack are:

> Change your passwords: Change your website's login credentials, including your password and username. Use strong passwords that are difficult to guess and include a mix of upper and lowercase letters, numbers, and symbols.

> Harden your security: Install a security plugin, use HTTPS, and implement two-factor authentication. These measures can help protect your website from future attacks.

> Request a review: After you have fixed the hack, request a review from Google or your website host to ensure that your website is safe and the hack has been removed from search engine results.

Hopefully, you find this guide useful. Best of luck!