How We Removed 242,000 Japanese SEO Spam Pages from a Hacked Site in 10 Hours

If you’ve ever dealt with a hacked WordPress site, you know how frustrating and damaging it can be. Recently, we tackled a massive Japanese SEO spam attack where more than 242,000 spam pages were indexed in Google. The challenge was not just removing the malicious content but also ensuring that it didn’t come back.

Here’s how we cleaned up the site and removed the spam pages from Google in just 10 hours.

Step 1: Cleaning Up the Malware

Before dealing with the indexed spam pages, we first focused on cleaning up the malware to stop the spam from regenerating:

Scanning for Malicious Files: We used tools like Wordfence, MalCare, and manual searches to identify backdoors and suspicious PHP files.
Removing Unknown Admin Users: Hackers often create admin users to regain access, so we checked and removed any unauthorized accounts.
Updating WordPress, Themes & Plugins: An outdated site is a prime target for hacks, so we updated:
- WordPress Core
- All Plugins
- All Themes
Checking .htaccess and wp-config.php: Hackers often modify these files, so we restored them to their default state.

Step 2: Analyzing the Hack

The next step was to analyze the structure of the hacked URLs. After scanning the site, we identified a pattern in the spam URLs:

https://domain.com/ahqdr/
https://domain.com/daaqx/
https://domain.com/jpkdf/
https://domain.com/qwerty/
https://domain.com/xyz123/

Most of these spam pages were generated in bulk and hosted on randomly generated subdirectories. The key observation was that all the spam URLs ended with .htm or .html.

Step 3: Removing Indexed Spam Pages from Google

To get these pages deindexed from Google quickly, we used Google Search Console (Webmaster Tool):

Navigate to: Removals → New Request → Remove all URLs with this prefix.
Submit the following prefixes:

https://domain.com/ahqdr/
https://domain.com/daaqx/
https://domain.com/jpkdf/
https://domain.com/qwerty/
https://domain.com/xyz123/
https://domain.com/*.htm
https://domain.com/*.html

This process told Google to remove those indexed spam URLs immediately.

Step 4: Adding a Robots.txt File

To prevent further indexing of these spam pages, we added the following robots.txt file in the site’s root directory:

User-agent: *
Disallow: /*.html$
Disallow: /*.htm$

This blocks all search engine crawlers from accessing any pages that end with .html or .htm, ensuring that no new spam pages get indexed.

Step 5: Strengthening Security

To prevent future attacks, we took additional security measures:

Changed all admin passwords and database credentials
Disabled XML-RPC to prevent brute-force attacks
Installed a firewall (Cloudflare & Wordfence)
Implemented Two-Factor Authentication (2FA) for admins
Blocked known malicious IP addresses

Final Results

✅ 242,000 spam pages removed from Google
✅ Malware fully cleaned
✅ Site secured from future attacks
✅ Completed within 10 hours

If your WordPress site has been hacked and is showing thousands of spam pages in Google, act fast! Removing the spam quickly can prevent your domain from being blacklisted. Need help? Contact us today for professional WordPress security and malware removal services.