What is Japanese Keyword Hack?
Japanese Keyword Hack (JKH) is one of the most common types of SEO spam attacks on WordPress websites. The attacker adds thousands of pages with Japanese characters to your website, which redirect users to fraudulent online stores. Google indexes these pages, and as a result your domain may receive a penalty.
In 2025 and 2026, we are seeing a massive increase in these attacks in Czechia. Hundreds of Czech business websites and e-shops have already been hacked.
How do you know your website has been hacked?
The most common signs of Japanese Keyword Hack:
- Thousands of new pages with Japanese characters appear in Google Search Console
- When searching
site:yourdomain.comon Google, you see Japanese text - Unknown .php files appear in the website directory (often in
/wp-content/) - Organic traffic suddenly drops
- Google shows a warning: “This site may have been hacked”
Attackers often hide malicious code so that the website administrator does not see the changes. For regular users the pages look normal — only Googlebot sees the Japanese content.
How to protect yourself proactively
- Update WordPress, plugins, and the theme — 90% of attacks exploit known vulnerabilities in outdated software
- Strong passwords — the admin account should have a 16+ character password created with a generator
- Two-factor authentication (2FA) — Wordfence or WP 2FA plugin
- Security plugin — Wordfence, Sucuri, or iThemes Security
- Regular backups — UpdraftPlus or daily server backups
- Change the database prefix — the default
wp_is the first thing attackers try
How to remove Japanese Keyword Hack?
Removing JKH is a complex process that requires technical knowledge:
- 1. Identification — scanning files for malware (Wordfence, Sucuri Scanner)
- 2. Cleaning — manually removing infected files and database records
- 3. Closing vulnerabilities — updating the entire website, changing passwords, removing unnecessary plugins
- 4. Google Search Console — submitting a request for a website review
- 5. Monitoring — monitoring the website for 30 days to make sure the attack does not return
Do not try to solve the problem only by restoring the website from a backup — the backdoor was most likely already present in the backup. You need to find and remove the root cause of the hack.
Leave it to us
At LamaPixel, we specialize in cleaning hacked WordPress websites. We have already successfully restored dozens of websites after attacks. The complete service includes:
- In-depth analysis and identification of the attack source
- Complete removal of malware and backdoors
- WordPress hardening against repeated attacks
- Communication with Google to remove the penalty
- 30-day monitoring after cleanup
Cleanup price: from 5 000 Kč. We clean most websites within 24–48 hours.
