B2B software company WordPress backdoor + 120 JP SEO spam · Google rank back in 4 weeks
A B2B software company's WordPress corporate site was compromised 6 months earlier. A Google Search Console "JP spam content" warning appeared. 14 backdoor PHP files were added to wp-includes/ and 12,000 hidden posts were added to the DB. The site's Google rank dropped 78%. With a clean install + WAF + reconsideration request DSET regained the rank in 4 weeks, with 18 months clean.
01 The Challenge
A Google Search Console "site contains spam content" warning, 120 URLs. 14 PHP backdoors in wp-content/uploads/ (hidden with .htaccess). 12,000 new posts in the WordPress DB (hidden, JP content, for SEO spam). The site's rank dropped 78%; a customer threatened the contract: "why do these Japanese pages appear on your site?"
02 DSET's Approach
T+0 · Clean install
WordPress clean install (backup files rejected, original content exported from the DB). All 14 backdoor PHP files were deleted.
T+72h · DB cleanup
12,000 spam posts were cleaned from the DB. Themes + plugins were upgraded to the latest versions. wp-config.php was hardened.
T+1 week · WAF + GSC
Cloudflare Pro WAF active, strict rules. A GSC reconsideration request was submitted. 120 spam URLs were removed with "410 Gone" + the sitemap was updated.