How To Fix Hacked WordPress Website After Chinese/Japanese Attack

Cyber threats have become increasingly sophisticated and prevalent in recent years, posing significant challenges to website owners worldwide. One such menacing trend on the rise is the Spam Link Injection attack on WordPress websites. Some people mention it as a WordPress attack, and few call it a Japanese attack/Chinese attack. Whatever the name may be, these attacks severely hinder the performance of your website.  People have been struggling to fix their hacked WordPress websites, making it a challenging task!

Spam links can drastically affect your website SEO and Google Adwords, which can ultimately de-rank thousands of pages, and your years of hard work can go in vain in just a few minutes. Are you facing the same issue on your website? Not to worry! We have found a solution to fix your  hacked WordPress website in just a few simple steps. This blog will delve into what spam link injection is, its impacts, how to detect SEO spam, crucial steps to fix hacked WordPress websites, and prevent it from such Japanese/Chinese spam attacks.

What is Spam Link Injection Attack?

Cybercriminals use Spam Link Injection as a tactic to attack websites. This involves injecting harmful scripts into the target website’s source code, which can lead to various issues such as SEO hijacking, malicious redirects, and email spam. The main goal of the attackers is to promote their spammy websites by inserting malicious code into the legitimate site’s source code. By infecting high-ranking pages, they can increase the visibility of their spam sites on SERPs (Search Engine Results Pages).

This attack can manifest in various ways:

• A large number of duplicate pages can be created.
• Injecting links to the targeted site’s existing pages and redirecting legitimate users to a spammy website.
• Your legitimate site may display promotional ads.

These attacks are usually challenging to detect as hackers continue to enhance their hiding techniques, which makes it challenging for a website owner to know about the exact location and malicious script in the site’s code.

How Spam Link Injection Works

Spam link injection is a technique used by malicious actors to manipulate search engine rankings and gain undeserved visibility for their own websites. Here’s an overview of how spam link injection works:

• Injecting spam links: After gaining access to the website, the spammers inject their own links into the website’s pages. They may add the links in various places such as hidden content, footers, sidebar widgets, comment sections, or even within legitimate-looking content.
• Increasing link visibility: The injected links are often designed to promote the spammer’s website or a particular product or service. By adding these links to multiple websites, they aim to increase the visibility and search engine rankings of their own site. Search engines consider backlinks as a signal of a website’s authority and relevance, so the spammers try to manipulate these signals to their advantage.
• Masking the injected links: Spammers may employ techniques to hide the injected links from website visitors while still making them visible to search engine crawlers. They can use CSS tricks, JavaScript obfuscation, or other methods to conceal the links from human users, making it harder for website owners to detect spam.

Identifying Spam Link Injection in Your WordPress Website

Let’s look at one of the examples of the customer website where we identified a spam link injection attack. The images attached below show how an attacker tries to hack your website, where he injects code in the main header of the website so that whenever a user visits any page, it will show the malicious content on the website.

From the above images, it must be clear that the hacker is attempting to redirect search engine bots or specific user agents to different URLs and retrieve content from them. This is part of a malicious attempt to manipulate search engine rankings or perform other unauthorized actions. 

You must have understood by now how attackers inject code into your website and hamper your website security. However, you must be curious to know how hackers got access to your WordPress website. Let’s check out how these hackers move forward, destroying the top-ranking pages of your website! 

How Do Hackers Get Access to Your WordPress Website?

There are various security breaches that need to be addressed if you want to reach the crux and fix your hacked WordPress website. Let’s find out how the hackers must have attacked your website. 

• Brute Force Attacks: Repeatedly attempting different username and password combinations until finding the correct credentials.
• Plugin and Theme Vulnerabilities: Exploiting vulnerabilities in outdated or poorly coded plugins and themes.
• Weak Administrator Credentials: Gaining access by exploiting weak passwords or default usernames.
• Cross-Site Scripting (XSS): Injecting malicious scripts into vulnerable plugins or themes to manipulate website content or steal user information.
• SQL Injection: Exploiting vulnerabilities to execute malicious SQL queries and gain unauthorized access to the website’s database.
• Access to DB, Website Backups: Sometimes, the developers take the backup of the database and website in common folders, which are accessible to the public.

Signs of Spam Link Injection Hack On Your Website

Detecting a spam link injection attack is not always straightforward, but there are a few signs you can look out for:

Spam Links

Spam links are the most obvious sign of link injection. They are typically unrelated to your content, leading users to irrelevant or malicious sites. If you start noticing links on your website that you didn’t add, especially those pointing towards dubious or low-quality sites, it’s a clear indication that your site may be a victim of spam link injection.

URL Injection on Google Search Console

Google Search Console can help identify URL injections, where hackers create new, unauthorized pages on your website that appear in search results. These pages often contain spammy or malicious content. If Google Search Console is showing pages you didn’t create, it’s a sign of URL injection.

An Unusually Large Number of New Pages

If you notice an uncharacteristically large number of new pages on your website, it could be another sign of spam link injection. These pages are often filled with keyword-rich content and spam links.

How To Check if Your Website is Hacked?

You can see some of the signs that your WordPress website is hacked, and if you want to reconfirm about the spam link injection hack, then you can confirm it using the following ways mentioned below.

Blacklisted by Google

Google actively scans websites for malicious activity and can blacklist sites found to be harmful. If your site is blacklisted, you may receive a warning from Google, and your website’s search rankings may drop down. Google Search Console can notify you about any security issues detected.

Google Analytics for Malicious Keywords

Another way to check if your website has been hacked is by using Google Analytics. Look for an unusual spike in traffic or bounce rates. Also, check your site’s keywords; if you see unfamiliar or inappropriate keywords, it could indicate that your site has been hacked.

Web Host Suspension

Hosting providers monitor for unusual or suspicious activity. If your hosting provider suspends your account due to potential security threats, it’s a clear sign your site may have been hacked.

WordPress Security Plugin

WordPress security plugins can detect malicious activity on your site. WordPress plugins scan for changes in your site’s files, unusual login attempts, and other suspicious activities. If the plugin alerts you to such issues, it’s a strong sign that your site might have been compromised.

Impacts of Spam Link Injection Attacks

The effects of spam link injection are numerous and can severely impact your website’s reputation and SEO. Thousands of WordPress sites have been infected with the SEO spam hack and the notorious website redirection hack, affecting their existing content and SEO significantly.

Users have reported seeing spammy links in their search results, creating confusion and mistrust among their audience. Some websites have even had to grapple with spam URLs found in their site’s source code. Hackers have been known to create directories in databases and create pages of various spam content.

Let’s give a glance at a real-life example from a customer website that will give you a clear understanding with respect to the impact of spam link injection on the website.

As you can see, the website originally had 800 pages, but within 4-5 days, over 113,000 additional pages were added through a virus code. As a result, website traffic decreased from 68,000 impressions to 15,000.

After the hacker infects the site, he creates multiple fake spam pages. The customer website became the target of Japanese SEO Spam or Japanese Keyword Hack, where auto-generated Japanese SEO Spam pages were seen on the website. You can check the screenshot attached below for a better understanding.

So, whenever any user visited the website, they were able to see malicious content, ensuring that the customer’s site had been hacked through this spam. We have attached the screenshot below for your reference:

Note: If you want to see the extra pages of the site affected by Japanese Spam Hack, Chinese Link Hack, or SEO Spam Hack, you can use the site operator in the Google search. 

For root pages- Site:yourhackedwebsite.com

For child pages- Site: yourhackedwebsite.com/child

How To Fix Hacked WordPress Website?

Once you’ve identified a spam link injection, it’s crucial to take immediate steps to rectify the issue. Here are some steps you can take to remove and protect your website from these attacks:

• Remove malicious code: Scan your website’s source code for any malicious scripts or links that hackers may have inserted. Remove these as soon as they’re found.
• Update and strengthen your security: Regularly update your website and its plugins to the latest versions, as these often include security patches. Also, use strong, unique passwords and employ two-factor authentication whenever possible.
• Backup your website regularly: Regular backups can help you restore your website to a version before the attack quickly.
• Use a security plugin or service: Consider using a security plugin or service that provides real-time monitoring and protection against various kinds of cyber threats, including spam link injections.

How To Remove Spam URLs After Website Hack

Now, we are assuming that you have removed the malicious code from your website, and now it is time to remove all the spammy links from your website. It’s time to take you to the next step, where we will tell you how you can find and build a list of spammy links.

Here are some of the example pages that were created:

Step 1: Export URLS from Google Search Console

To find and export URLs from Google Search Console for indexed or non-indexed pages, you can follow this course of action:

• Log in to your Google Search Console account.
• Select the website property for which you want to export the URLs.
• In the left-hand menu, click on the “Pages” section.
• On the page, you will see a list of URLs categorized by their indexing status (Valid, Excluded, Error, etc.).
• To export the URLs, click on the “Export” button located above the list of URLs. Choose the desired export format, such as CSV or Google Sheets.
• Save the exported file to your computer.

Step 2: Submit Spam URLs in Remove Outdated Content

• There is an export button on the top right corner of these pages, you can export these URLs and find and filter all the URLs which are not correct. 
• Once you are prepared with the data, you can submit those URLs in Google outdated content to permanently delete those URLs.

Google’s “Remove Outdated Content” tool is a specific tool designed to help users (not necessarily webmasters or site owners) request the removal of outdated content from Google’s search results. It’s often used when old content that’s no longer present on a website still appears in Google’s search results – for instance, if a page has been deleted or significantly updated, but Google’s cache hasn’t yet caught up with the change.

How To Permanently Remove URLs From Google Search Results

After you have removed all the spam URLs, it’s time to remove URLs from Google Search results permanently. For this, you need to follow a different process. Google provides guidelines for this, and here are the steps to permanently remove URLs:

Step 1: Remove the content from your website 

Before attempting to remove URLs from search results, make sure you have removed the content from your website or the web pages are no longer accessible.

Step 2: Block Search Engines From Crawling The Url

To prevent search engines from accessing the URL, you can use either of the following methods:

• Robots.txt file: Create or modify the robots.txt file on your website’s root directory to disallow the specific URL or directory. The robots.txt file tells search engines which parts of your website to crawl and index. Here’s an example of blocking a URL:

• Meta tags: Add the “noindex” meta tag to the HTML head section of the page you want to remove. This tag instructs search engines not to index the page. Here’s an example:

Step 3: Remove URLs

If you want to remove URLs, you have two options – you can either submit a URL removal request in Google Search Console that will remove the URLs one by one, or you can remove URLs using the Chrome extension. Let’s check out both methods. 

URL Removal Request in Google Search Console

If you have an Excel file with URLs, you can either submit a URL removal request in Google Search Console one by one like:

• Sign in to your Google Search Console account at https://search.google.com/search-console.
• Select the property (website) for which you want to remove URLs.
• In the left-hand menu, click on “Removals.”
• Under the “Outdated content” section, click on “New removal request.”
• Enter the URL you want to remove in the provided field.
• Click on “Next.”
• Choose the removal type as “Remove the page from search results and cache.”
• Click on “Submit Request.”

Removing URLs Through Chrome Extension

Another method is where you can remove URLs directly using the Chrome extension without any hassle. This extension allows you to remove thousands of pages in one click! 

• Sign in to your Google Search Console account at https://search.google.com/search-console.
• Select the property (website) for which you want to remove URLs.
• Install the Chrome extension.“https://chrome.google.com/webstore/detail/gsc-bulk-urls-removal-out/kallgfapocmbhjdcmdoelhklbejophck” This is a paid extension that charges USD 9.99.
• Submit your CSV files on this extension by following the steps, it will do the rest for you.

Please note that Google may take some time to process the removal request, and there’s no guarantee that the URL will be removed immediately. Additionally, this process only affects Google Search, and other search engines may still index and display the URL unless you take similar actions for those search engines as well.

APPWRK IT Solutions: Your Partner in Fixing Your Hacked WordPress Website

From the above discussion, you might have understood that managing your hacked WordPress website after a Japanese or Chinese spam attack can be a daunting task. However, there is always a way out of every problem. APPWRK IT Solutions is one of the most reputed companies in the industry that provides website recovery and security measures to customers worldwide.

We have an experienced team of professionals that can help you move out of this trap of spam link injection and provide you guidance regarding any cyber attacks. Our team not only fixes the website but also provides other preventive measures so that it remains secure against any future threats. 

Contact us to repair your hacked WordPress website and strengthen it against any future attacks!