If your website has been compromised by a Japanese keyword hack, resulting in unwanted URLs indexed by Google, don’t worry. This step-by-step guide will help you clean your site, remove malicious content, and restore its SEO reputation. 

Step 1: Temporarily Hide Malicious URLs in Google Search Console 

  1. Access Google Search Console: Navigate to the “Removals” tab. 
  2. Identify the URL Pattern: Look for patterns in hacked URLs, such as example.com/video/123456 or example.com/product/abc. For complex cases (e.g., infinitysoftsystems.com/2 or .shtml extensions), note all variations (e.g., /1, /2, etc.). 
  3. Request Pattern Removal: Select the second option (pattern removal) and enter the pattern (e.g., example.com/video/ or infinitysoftsystems.com/2). For multiple patterns, submit separate rules. 
  4. Wait for Processing: Google will hide these URLs from search results within 2–3 hours. This is a temporary measure (lasting up to 6 months). 

Caution: If a legitimate URL matches the pattern, it may also be hidden. This is rare, as hackers typically use distinct patterns to avoid conflicts with existing URLs. 

Step 2: Begin Website Cleanup 

While Google processes the removal, start cleaning your website: 

  1. Check robots.txt: Hackers often add fake sitemap URLs to robots.txt. Delete the compromised file and upload a clean version, ideally without sitemap URLs for safety. 
  2. Fix Sitemaps: In Google Search Console, remove incorrect sitemaps and submit the correct one (e.g., example.com/sitemap_index.xml). 
  3. Backup Your Site: Before making changes, create a full website backup (excluding suspicious files) to avoid data loss. 

Step 3: Remove Malware Completely 

  1. Scan for Suspicious Files: Check your root directory for unfamiliar files (e.g., wp222.php, hp.php, or lind.php). Use plugins like Wordfence or Sucuri for automated scans, but also perform manual checks.
  2. Delete Malicious Files: Remove suspicious files, ensuring they are permanently deleted (not sent to the hosting trash). Use ChatGPT or a developer to verify if a file is harmful before deleting it.
  3. Check Plugins and Themes:
    a. Deactivate all plugins or rename the wp-content/plugins folder to disable them temporarily. Verify if the issue persists.b. Inspect the theme’s functions.php file for malicious code.c. Check the mu-plugins directory, as hackers may hide code in must-use plugins. If unsure, delete the folder and ask your hosting provider to reinstall clean versions.
  4. Use Sucuri for Hardening: Install the Sucuri Security plugin and enable its hardening options to block executable files in non-essential folders, preventing further malware execution. 

Step 4: Restore SEO Elements 

After removing malware, ensure your website’s SEO is intact: 

  1. Review SEO Components: Check meta tags, titles, and descriptions for any hacker alterations. 
  2. Verify Sitemap: Confirm the correct sitemap is submitted in Google Search Console and that valid pages are indexing. 
  3. Monitor Indexing: Use Google Search Console to check if key pages (e.g., homepage) are indexed. To confirm, search for a unique phrase from your page (e.g., three words before and after a period) in quotes on Google. If it appears, the page is indexed. 

Step 5: Permanently Remove Harmful URLs 

To prevent Google from re-indexing malicious URLs after the 6-month temporary removal: 

  1. Set 410 Gone Status: Add a rule in your .htaccess file to return a 410 Gone status code for hacked URLs. For example, for .shtml URLs:
    RewriteEngine On
    RewriteCond %{REQUEST_URI} \.shtml$ [NC]
    RewriteRule ^ – [L,R=410]
  2. Test URLs: Visit a hacked URL to confirm it returns a 410 status (use a browser’s developer tools or an online status checker). 

Step 6: Post-Cleanup Actions (Optional) 

  1. Check Log Files: Analyse server logs to understand bot behaviour post-hack. If bots (e.g., Meta’s external agent) are aggressively crawling, temporarily block non-essential bots (except Google, Bing, etc.) to reduce server load. 
  2. Restore Rankings: If your site’s indexing is reduced (e.g., fewer URLs appear in site: queries), improve rankings with quality content and reputable backlinks. 
  3. Monitor Performance: Use Google Search Console’s 24-hour or 7-day reports to confirm impressions and clicks are returning. 

Additional Notes 

  • Purpose: This process removes malicious content, restores website functionality, and controls search visibility. 
  • Timing: URL hiding takes 2–3 hours, during which you should complete the cleanup. Permanent fixes ensure long-term recovery. 
  • Caution: Always back up your site before deleting files or making changes. For complex hacks, consult a developer or security expert. 
  • SEO Insight: Not all websites need SEO. If your audience doesn’t rely on search (e.g., B2B clients), focus on cleanup over ranking recovery. 

Bonus Tip: Use keyword density checkers to make sure your content is well-optimised before resubmitting to Google.

What I thought-  

This comprehensive approach ensures your website recovers from a Japanese keyword hack, removes malicious URLs, and restores its SEO health. Follow each step diligently and consider advanced actions like log analysis or bot management for complex cases. By acting promptly, you can protect your site and regain its visibility on Google Search.