Have you recently searched for your website on Google and discovered strange foreign language results like Japanese gambling or pharmacy keywords in your title or description? If so, you’re likely dealing with a common but serious issue: your WordPress site has been hacked and injected with cloaking content designed to manipulate search engine bots.
This issue is commonly referred to as “Hacked with Foreign Text in Search Engine”, and if left unresolved, it can severely damage your SEO, traffic, and reputation.
In this article, we’ll walk you through identifying and removing the hidden malware that causes this issue. We’ll also discuss the root cause, how it works technically, and how you can fully recover and secure your WordPress site or let the experts at QUAPE handle it for you.
What Does “Hacked with Foreign Text in Search Engine” Actually Mean?
This type of hack is a form of search engine cloaking. Cloaking is when your website shows different content to search engine bots than it does to human visitors. In these attacks, hackers typically inject foreign text such as Japanese keywords or gambling ads into your site’s code but only bots like Googlebot can see it.
The goal is to hijack your SEO rankings to benefit spammy third-party websites. Your real content is replaced with fake content that misleads search engines, often redirecting them to external malicious sites.
How to Detect the Issue
-
Search Your Site in Google
Typesite:yourdomain.comin Google and look for pages with foreign language titles or strange meta descriptions. If you see content that’s not yours, your site has likely been hacked. -
Check Google Search Console
Google will often notify you under “Security Issues” or “Manual Actions” if cloaking or spam has been detected. -
Verify the Frontend and Backend
Open your site in a normal browser you might not see anything suspicious. Then, change the user-agent (using browser extensions or tools like User-Agent Switcher) to simulate Googlebot. If different content is shown, cloaking is active.
How It Works: The Technical Breakdown
Most cases of “Hacked with Foreign Text in Search Engine” are caused by a malicious plugin or backdoored theme. In one recent case, a plugin disguised as a performance tool (referred to here as the Redacted Plugin) contained code that specifically targeted bots and served them different content.
1. User-Agent Detection
The plugin checks whether the request is coming from a search engine bot:
2. Cloaked Content Delivery
If the visitor is a bot, the plugin fetches and displays content from an external malicious site:
This content is invisible to regular users, making the attack harder to detect without proper tools.
3. Remote Configuration via Token
The attacker also included a method to update the redirect URL using a secret token:
This means they can change the spam target at any time without accessing the admin dashboard again.
Also Read: 7 Tips for Secure Web Hosting Company
How to Fix the Issue
Step 1: Remove the Malicious Plugin
Log in to your WordPress admin panel, go to Plugins, and look for suspicious entries particularly anything unfamiliar or recently installed. If you find something like the Redacted Plugin, deactivate and delete it immediately.
If the plugin hides itself from the admin panel, navigate to wp-content/plugins via FTP or your hosting file manager and delete the folder manually.
Step 2: Clean the Database
Many times, malicious redirect URLs are stored in the WordPress options table. Access your database via phpMyAdmin and run:
- #3 New Home for CSF After ConfigServer Closure - August 4, 2025
- #2 How to Secure Your Infrastructure with Cloudflare Zero Trust - July 17, 2025
- 7 Tips for Secure Web Hosting Company - July 8, 2025
