Japanese SEO Spam Removal: Professional Cleanup Guide for WordPress

Professional Approach to Japanese Spam Removal

Japanese SEO spam removal requires a systematic, thorough approach. As security professionals, we've cleaned hundreds of infected WordPress sites and developed a proven methodology. This guide shares the exact process we use to ensure complete removal and prevent reinfection.

Incomplete cleanup is the #1 reason sites get reinfected. Attackers leave multiple backdoors, and missing even one means they'll be back within days or weeks.

Pre-Cleanup Preparation

Document the Infection

Before cleaning, gather evidence:

• Screenshot infected Google search results
• List all spam URLs found
• Note the date you discovered the infection
• Download server access logs if available

Create Complete Backup

Backup everything before changes:

• Full file backup (all directories)
• Database export
• Store separately from site
• Label as "infected" for reference

Set Up Clean Environment

• Download fresh WordPress from wordpress.org
• Get fresh copies of your theme
• Get fresh copies of all plugins

Phase 1: Identify All Infection Points

Install WP Folder Shield

If you can access wp-admin, install WP Folder Shield and run a full scan. This identifies:

• Malware files
• Modified core files
• Backdoors
• Database infections

Manual File Review

Check these locations manually:

Root Directory

• Look for any PHP files that aren't standard WordPress
• Check for hidden files (starting with .)
• Review .htaccess for malicious rules

wp-content/uploads/

• Search for ALL PHP files: find . -name "*.php"
• Any PHP here is suspicious
• Check for hidden directories

wp-includes/

• Compare against fresh WordPress
• Look for extra files
• Check file modification dates

Database Review

Check for spam content:

-- Find spam posts
SELECT ID, post_title FROM wp_posts
WHERE post_content LIKE '%日本語%'
OR post_content LIKE '%[japanese]%';

-- Check options for injected code
SELECT option_name, option_value FROM wp_options
WHERE option_value LIKE '%eval(%'
OR option_value LIKE '%base64_decode%';

Phase 2: Clean Files

Replace WordPress Core

Don't try to clean core files - replace them:

1. Delete wp-includes/ directory
2. Delete wp-admin/ directory
3. Delete root PHP files (except wp-config.php)
4. Upload fresh WordPress files

Clean wp-config.php

Review carefully:

• Remove any code before
• Remove code after "stop editing" line
• Verify database credentials are correct
• Generate new security keys

Clean Uploads Directory

• Delete ALL PHP files
• Delete suspicious directories
• Check .htaccess files within
• Keep only legitimate media files

Reinstall Themes and Plugins

• Delete all theme directories
• Delete all plugin directories
• Install fresh copies from official sources
• Never use nulled/pirated versions

Phase 3: Clean Database

Remove Spam Content

-- Delete spam posts (adjust conditions as needed)
DELETE FROM wp_posts WHERE post_content LIKE '%suspicious_pattern%';

-- Clean postmeta for deleted posts
DELETE FROM wp_postmeta WHERE post_id NOT IN (SELECT ID FROM wp_posts);

Remove Hidden Users

-- List all administrators
SELECT * FROM wp_users WHERE ID IN (
  SELECT user_id FROM wp_usermeta
  WHERE meta_key = 'wp_capabilities'
  AND meta_value LIKE '%administrator%'
);

Delete any users you don't recognize.

Clean Options Table

Review and clean:

• Scheduled actions/cron jobs
• Widget content
• Theme customizations

Phase 4: Secure the Site

Change All Credentials

• WordPress admin passwords
• Database password (update wp-config.php)
• FTP/SFTP passwords
• Hosting panel password

Configure WP Folder Shield

• Enable directory protection
• Activate firewall
• Enable file integrity monitoring
• Set up login security
• Configure email alerts

Update Everything

• WordPress to latest version
• All plugins
• Theme
• PHP version (if possible)

Phase 5: Google Recovery

Remove Spam URLs

In Google Search Console:

1. Use Removals tool for spam URLs
2. Request removal of entire directories if needed

Submit Clean Sitemap

1. Generate new sitemap
2. Submit in Search Console
3. Request reindexing of clean pages

Request Reconsideration

If you have a manual action:

1. Document all cleanup steps
2. Submit detailed reconsideration request
3. Be patient (1-4 weeks for review)

Post-Cleanup Monitoring

For the next 30 days:

• Daily WP Folder Shield scans
• Monitor Search Console daily
• Check Google search results weekly
• Review access logs for suspicious activity

Conclusion

Professional Japanese spam removal requires patience and thoroughness. By following this systematic approach and implementing WP Folder Shield's protection, you can completely clean your site and prevent reinfection. Remember: incomplete cleanup guarantees reinfection. Take the time to do it right.