DEV Community

MD Pabel

Originally published at mdpabel.com

How to Fix “Japanese Keyword Hack” in WordPress (The Hard Way)

If you check your site on Google and see thousands of weird pages with Japanese characters selling fake products, you have been hit by the Japanese Keyword Hack.

This is a very common virus. It creates thousands of fake links on your site.

Most people try to fix this with a security plugin. But plugins often crash your site because they can’t handle thousands of bots hitting you at once.

In this guide, I will show you how to block these attacks manually using a “Firewall.” We will do this by editing a file called .htaccess. This blocks the bad bots before they even touch your WordPress site.

[Image: Example of what the Japanese Keyword Hack looks like in Google Search: spam links with Japanese characters.]


Part 1: Why “410 Gone” is Better Than “404 Not Found”

When you delete a file, your site normally shows a 404 Error.

  • 404 means: “I can’t find this page right now. Please check back later.”
  • Google thinks: “Okay, maybe it was a mistake. I will keep this link in my database and check again next week.”

This is bad! You want Google to forget these spam links immediately.

That is why we use 410 Gone.

  • 410 means: “This page is dead. It is removed forever. Do not come back.”
  • Google thinks: “Understood. I will delete this from my database immediately.”

By using 410, you clean up your Google search results much faster.


Part 2: Saving Your Server CPU

When a bad bot visits your site, your server normally loads your theme, your logo, your menu, and your footer just to show an error page. This uses a lot of power (CPU).

If 10,000 bots hit you, your server will crash.

We can fix this by forcing the server to show a plain white screen with simple text.

Add this to the top of your .htaccess file:

# 1. FORCE SIMPLE TEXT RESPONSE
# This stops your heavy theme from loading for spam bots.
ErrorDocument 410 "<h1>410 Gone</h1><p>Resource permanently removed.</p>"


Now, when we block a bot, it only gets a tiny line of text. Your server stays fast.


Part 3: The “Safe List” (Don’t Lock Yourself Out!)

Before we start blocking things, we must make sure you are safe. We don’t want to accidentally block the Admin area or the Login page.

This code says: “If the user is trying to log in or is an admin, let them pass immediately.”

<IfModule mod_rewrite.c>
RewriteEngine On

# 2. GLOBAL WHITELIST (The Safe List)
# If the URL is for Admin or Login, skip the rest of the rules [L]

RewriteCond %{REQUEST_URI} ^/wp-admin/ [NC,OR]
RewriteCond %{REQUEST_URI} ^/wp-login\.php [NC,OR]
RewriteCond %{REQUEST_URI} ^/reset-password/ [NC]
RewriteRule .* - [L]

  • [L] means “Last Rule”. It tells the server: “This person is safe. Stop checking and let them in.”

Part 4: Blocking the “Bad Words”

The easiest way to stop spam is to look for obvious bad words in the URL.

If a URL contains words like “casino” or “poker,” it is almost certainly spam. We can block these instantly.

# 3. BLOCK PATHS (The Bad Words Filter)
# If the browser asks for any of these words, block it.

RewriteCond %{THE_REQUEST} (casino|gambling|viagra|cialis|poker|baccarat|roulette|jackpot|porn|dating) [NC]
RewriteRule ^(.*)$ - [R=410,L]

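  • %{THE_REQUEST} checks the raw request line the browser sent to the server (for example GET /page?x=1 HTTP/1.1), so both the path and the query string are checked.
  • [R=410] tells the server to send the “410 Gone” error from Part 1, with the plain-text body we set in Part 2.
  • The match is a plain substring match: “dating” also matches “updating”, so remove any word that appears in your real URLs.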

[Image: Example of spam URLs containing keywords like casino and poker in search results.]


Part 5: Blocking the “Random Number” Trick

This is the smartest part of the virus.

The virus often adds random numbers to your URL to make it look unique. It looks like this:

  • your-site.com/?a=83748293
  • your-site.com/?x=99384721

It uses a single letter (like a or b or x) followed by many numbers. Legitimate plugins rarely do this.

[Image: Spam URLs showing the random number query string pattern ?a=12345678.]

We can use “Regular Expressions” (Regex) to find this pattern and kill it.

# 4. BLOCK QUERY PARAMETERS (The Pattern Killer)
# Pattern: A single letter (a-z) followed by 8 or more digits

RewriteCond %{QUERY_STRING} (^|&)[a-z]=[0-9]{8,} [NC]
RewriteRule ^(.*)$ - [R=410,L]

  • [a-z] means “Any letter from a to z”.
  • [0-9]{8,} means “Any number that is 8 digits or longer.”
  • If a URL matches this pattern, it gets the 410 error instantly.

Part 6: Blocking Fake Folders

Finally, the Japanese spam often tries to create fake folders. Even though these folders don’t exist on your server, the virus tricks WordPress into showing pages for them.

Common fake folders are /jp/ (for Japan) or /products/.

# 5. BLOCK SPAM FOLDERS
# If the URL starts with these folders, block it.

RewriteRule ^products/([0-9]+) - [R=410,L]
RewriteRule ^pages/(.*) - [R=410,L]
RewriteRule ^jp/(.*) - [R=410,L]
RewriteRule ^(.*)\.html$ - [R=410,L]

</IfModule>


Note: The last line (.*)\.html$ blocks any URL ending in .html. Most WordPress sites do not use .html files (they use folders like /about-us/). If your site uses .html, remove that line.

[Image: Spam URLs showing fake directories like /jp/ and /products/ mixed with Japanese text.]
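
Before you upload the file, you can dry-run the rules from Parts 3 to 6 against URLs from your own access log. The Python script below is an added example, not code from the original post: it approximates Apache's rule order with Python's re module, and the verdict() function and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Patterns taken from the page's rules; [NC] becomes re.IGNORECASE.
SAFE = re.compile(r"^/wp-admin/|^/wp-login\.php|^/reset-password/", re.I)
BAD_WORDS = re.compile(
    r"(casino|gambling|viagra|cialis|poker|baccarat|roulette|jackpot|porn|dating)",
    re.I)
QUERY = re.compile(r"(^|&)[a-z]=[0-9]{8,}", re.I)
FOLDERS = [re.compile(p) for p in
           (r"^products/([0-9]+)", r"^pages/(.*)", r"^jp/(.*)", r"^(.*)\.html$")]


def verdict(url, method="GET"):
    """Return the first rule that would fire for this URL, or 'pass'."""
    parts = urlsplit(url)
    request_uri = parts.path or "/"
    target = request_uri + ("?" + parts.query if parts.query else "")
    the_request = f"{method} {target} HTTP/1.1"  # what %{THE_REQUEST} holds
    if SAFE.search(request_uri):
        return "safe-list"
    if BAD_WORDS.search(the_request):
        return "410 bad-word"
    if QUERY.search(parts.query):
        return "410 query"
    rel_path = request_uri.lstrip("/")  # .htaccess patterns see no leading slash
    if any(p.search(rel_path) for p in FOLDERS):
        return "410 folder"
    return "pass"


# Constructed sample URLs: spam shapes from the page plus legitimate look-alikes.
SAMPLES = [
    "/?a=83748293",
    "/jp/12345",
    "/best-online-casino-bonus/",
    "/wp-admin/edit.php?s=poker",
    "/updating-your-plugins/",                    # contains "dating"
    "/wp-content/themes/x/style.css?v=20240115",  # date-style cache buster
    "/about-us/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{verdict(url):14} {url}")
```

In this run /updating-your-plugins/ and the ?v=20240115 stylesheet both come back as 410, even though they are legitimate. Replace SAMPLES with paths from your own log and adjust the word list or patterns until only spam URLs are blocked.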


Summary

This firewall is powerful because it works Server-Side.

  1. A bot visits yoursite.com/?a=12345678.
  2. Apache (the server) sees the Pattern Rule (Part 5).
  3. It immediately says 410 Gone.
  4. It shows the simple text message (Part 2).
  5. WordPress never even loads.

Your database is safe, your CPU is low, and Google cleans up your index fast.

Caution: Always back up your .htaccess file before editing it! One wrong character can break your site. If that happens, just restore the backup.
