WordPress SEO spam

Why do Chinese characters appear in Google under my website?

Why do Chinese characters appear in Google under my website?

If Chinese characters appear in Google under your website, and you never published such content, treat it as a security incident. It is usually not a translation issue and not a random Google mistake. In most cases it is WordPress SEO spam: an attacker uses your trusted domain to publish or generate foreign-language search results.

The website may still look normal when you open it directly. The admin area may work. The first visible sign is often a site:example.com search showing unfamiliar titles, snippets or URLs. Search Console may also report hundreds of new pages you did not create.

Do not start by removing URLs from Google. First stop the compromised website from producing the spam.

Common symptoms

Typical indicators include:

This overlaps with the broader problem of Google indexing spam pages from your website, but the foreign-language snippet is the symptom most owners notice first.

How the attack works

Attackers want to borrow the authority of a legitimate domain. Instead of ranking a new spam domain, they compromise an existing WordPress website and make it produce search-friendly junk pages.

Common techniques include:

This is why deleting visible pages is rarely enough. If the generator remains, the spam will return.

Indicators of compromise

Inspect these locations carefully:

wp-content/uploads/
wp-content/cache/
wp-content/mu-plugins/
wp-content/plugins/unknown-plugin/
.well-known/

Suspicious filenames may include:

index.php
class-seo-cache.php
wp-sitemap-helper.php
cache-loader.php
content-api.php

Code patterns to review:

eval(...)
base64_decode(...)
gzinflate(...)
str_rot13(...)
file_get_contents('https://...')

These functions are not always malicious by themselves. Context matters: file location, package origin, timestamp, owner and surrounding code.

How to investigate

Save examples from Google first: URL, title, snippet and behavior after clicking. Then use Search Console URL Inspection to see what Google receives.

Review:

If the malware targets only Googlebot, your browser may not reproduce the problem. Server logs and Search Console become more important than visual inspection.

Cleanup order

Use a controlled cleanup sequence:

  1. Create a forensic backup of the infected state.
  2. Identify the file, plugin, database entry or rule producing the spam.
  3. Replace WordPress core from official sources.
  4. Reinstall plugins and themes from trusted sources.
  5. Remove unknown administrators and application passwords.
  6. Rotate WordPress, hosting, SFTP and database credentials.
  7. Clear application, server and CDN caches.
  8. Make spam URLs return 404 or 410.
  9. Submit a clean sitemap in Search Console.

If paid traffic is affected, also follow the steps in our guide about Google Ads malware suspensions.

When to call an expert

Get help if hundreds or thousands of foreign-language results exist, if deleted pages come back, if the entry point is unclear, or if the site handles leads, orders or personal data. WebShield checks files, database records, users, cron events, redirects and HTTP logs, not just the visible spam snippets.

Managed WordPress protection is designed to turn cleanup into ongoing monitoring, backups, logging and fast expert response.

Conclusion

Chinese characters in Google under your domain usually mean SEO spam, not a harmless indexing glitch. Clean WordPress first, remove backdoors and persistence, then ask Google to recrawl clean responses. Search Console can help with recovery, but it cannot disinfect the server.

Want to avoid the next WordPress infection?

WebShield helps with continuous protection, backups and logging so reinfections are easier to prevent.