Is your WordPress site‘s Google Analytics data being bombarded by referrer spam? You‘re not alone. Over 28% of all website traffic is spam, according to data from Imperva. And a lot of that spam shows up as bogus referrals that throw off your analytics.
If you‘ve noticed traffic sources in your reports that look something like this, they‘re probably referrer spam:
- free-social-buttons.com
- share-buttons.xyz
- googlsucks.com
- 100dollars-seo.com
These junk referrals can wreak havoc on your Google Analytics data by:
- Artificially inflating traffic numbers
- Messing up bounce rate and session duration
- Obscuring real traffic sources
- Skewing conversion data
- Leading to incorrect assumptions and bad decisions
Ultimately, referrer spam renders your analytics data much less useful. You need accurate data to make informed choices about your WordPress site and digital marketing.
So how can you fight back against referrer spam in Google Analytics and reclaim your data? Let‘s break down the most effective methods for blocking referrer spam in WordPress.
What Is Referrer Spam?
First, let‘s define the problem more clearly. Referrer spam, also called referral spam or ghost spam, is fake website traffic generated by bots and scammers. The perpetrators use automated scripts to send tons of requests containing made-up referrer URLs in order to get their spam links in front of webmasters.
There are two main types of referrer spam:
- Crawler referrer spam – Spam bots actually visit your site and show up in server logs
- Ghost referrer spam – Spammers send fake hits directly to your Google Analytics property without ever accessing your site
Most referrer spam is the ghost type that never touches your WordPress site. But it can still pollute your Google Analytics data and mess with your perception of traffic.
Why Do People Use Referrer Spam?
So what‘s the point of referrer spam? What do the spammers get out of it? The most common motivations are:
- Getting free backlinks and promotion for their sketchy sites
- Advertising spammy products and services to webmasters
- Phishing for personal information through scam offers
- Manipulating analytics data to sabotage competitors
- Propping up their own sites‘ analytics with fake traffic
For instance, you may see a lot of referrer spam for cheap SEO services, bootleg products, or adult content. These spammers are hoping some percentage of curious webmasters will visit their linked sites.
As maddening as it is, referrer spam remains a popular black hat marketing tactic because it‘s so easy to do. Luckily, it‘s also pretty easy to block if you use the right methods.
How to Identify Referrer Spam in Google Analytics
Not sure if those unfamiliar domains in your referral traffic reports are really spam? Here are some common signs:
- Sudden spikes in traffic from a new referring domain
- Referrer URLs contain random characters or links to suspicious sites
- 100% bounce rate and 0:00 avg. session duration from a referrer
- Referrer domain doesn‘t make sense for your site‘s topic and audience
Basically, if you see a referring source that seems shady or too good to be true, it‘s probably spam. To investigate further, you can:
- Check the full referrer URL paths for clues in Behavior > Site Content > All Pages
- Look up the suspicious domain in the Spamhaus Domain Blacklist
- Google the domain name to see if others have reported it as referrer spam
- Compare traffic in Google Analytics with hits in your server logs during the same period
Once you‘ve identified the culprits, it‘s time to banish them from your analytics for good. Here are 5 ways to stop referrer spam from polluting your Google Analytics data:
Method 1: Use Filters in Google Analytics
One of the most direct ways to eliminate referrer spam is applying exclusion filters right in Google Analytics. This prevents the spammy hits from ever entering your data in the first place.
Here‘s how to set up filters for blocking ghost referrer spam:
- Go to Admin in Google Analytics and make sure the right property is selected.
- In the View column, click Filters > Add Filter.
- Name the filter something like "Exclude Referral Spam"
- Under Filter Type, select Custom and choose Exclude
- For the Filter Field, select Campaign Source
- Now enter the domains you want to exclude in the Filter Pattern box, like this:
spamsite1.com|spamsite2.com|spamsite3.com - Use pipes | to separate domains and escape dots with a backslash \
- Click Save and repeat for any other spam domains
Keep in mind that each filter has a limit of 255 characters in the pattern field. So you may need to create multiple exclude filters to cover all the spam domains. You can also use regex to block spam from subdomains.
The one downside of relying solely on filters is that you have to stay on top of adding new ones as more spam crops up. But filters are easy to set up and very effective at stopping ghost referral spam.
Method 2: Create a Valid Hostname Filter
In addition to filters for specific spam domains, you can block referrer spam by only tracking hits to valid hostnames. Since most referrer spam is never hitting your actual website, this eliminates a big chunk of junk data.
Follow these steps to create a valid hostname filter in GA:
- Go to Admin > View Settings in Google Analytics
- Scroll down to "Exclude URL Query Parameters:"
- Enter your domain name, starting with a backslash: .yoursite.com
- Click Save
Now only traffic to your real website domain will show up in the reporting view. No more fake hits from spammers!
This can also help filter out staging site and localhost data. Just be aware that the hostname filter could hide legitimate traffic to other subdomains you want to track.
Method 3: Upgrade to Google Analytics 4
If you‘re still on Universal Analytics, consider upgrading to the latest version, Google Analytics 4. GA4 has much more robust spam filtering capabilities built-in.
It uses machine learning to automatically identify and exclude spammy traffic, including sneaky referrer spam and bot hits. So you may not need to set up manual filters at all.
Making the switch to GA4 does require some planning and updated tracking code. But it‘s well worth it for the enhanced spam protection and other new features. See my guide on how to upgrade to Google Analytics 4 in WordPress.
Method 4: Block Referrer Spam with .htaccess
For a more aggressive approach, you can block referrer spam directly on your web server using .htaccess rules. This stops the spam bots before they can even access your WordPress site.
To set up .htaccess spam blocking:
- Connect to your site via FTP or cPanel
- Find the .htaccess file in your site‘s root directory
- Make a backup copy of .htaccess in case of mistakes
- Open .htaccess for editing and add this code:
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^http://.*spamsite1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} ^http://.*spamsite2\.com [NC]
RewriteRule .* - [F]Replace the example spam domains with the ones you want to block. Add more RewriteCond lines for additional domains.
This tells the server to check each request‘s referrer header against the blacklist and block access for any matches with a 403 Forbidden error.
.htaccess blocking can be very powerful and efficient. But make sure to test your rules extensively. A mistake or overly broad pattern could end up blocking real visitors.
Method 5: Use WordPress Security Plugins
Finally, you can automate a lot of the referrer spam blocking work with the help of WordPress security plugins. Look for plugins that offer strong anti-spam and firewall features like:
- Sucuri Security – Includes a cloud-based firewall that filters out spam threats in real-time
- Wordfence Security – Provides a web application firewall (WAF) with robust IP and domain blocking
- CleanTalk Anti-Spam – Uses intelligent spam protection algorithms to block malicious bots
These security plugins will proactively stop a lot of referrer spam and other threats from ever reaching your WordPress site or analytics. They automatically update blocklists and rules to keep up with evolving spam tactics.
While they won‘t catch every single hit of ghost referrer spam, the all-in-one protection of WordPress security plugins can go a long way in preserving your data integrity.
Check out more of the best WordPress security plugins compared.
Referrer Spam Blocking Tips and Best Practices
Now that you know the top methods for fighting referrer spam in Google Analytics, here are some tips for getting the best results:
- Don‘t just set it and forget it – Regularly check your GA reports for new referrer spam
- Combine multiple blocking methods for the most comprehensive coverage
- Be careful not to block any legitimate referrers your business cares about
- Annotate your GA data when you make any spam filter changes
- Periodically test your spam solutions to make sure they‘re still working
- Keep WordPress and all plugins updated to patch vulnerabilities
- Always back up your WordPress site and Analytics settings before making changes
Referrer spam blocking isn‘t a one-time task. Think of it more like routine maintenance to keep your data clean and useful.
Stop Referrer Spam from Haunting Your Analytics
I know how frustrating it is to see referrer spam mucking up your Google Analytics data. It‘s like a poltergeist that keeps coming back to ruin your day. But with the right tools and tactics, you can exorcise those spammy demons and reclaim your marketing mojo.
Just remember the key themes:
- Use GA filters to exclude known referrer spam domains
- Set a valid hostname filter to only track real traffic
- Upgrade to GA4 for automatic spam detection
- Stop spambots with .htaccess rules and security plugins
- Stay vigilant and adapt your blocking over time
By using these methods consistently, you can minimize the impact of referrer spam and get back to trusting your analytics data. Focus on the traffic sources and website visitor actions that actually matter to your WordPress site‘s success.
Still have questions about identifying and blocking referrer spam? Check out the FAQ below and leave a comment with your own experiences.
Frequently Asked Questions
What is the difference between crawler referrer spam and ghost referrer spam?
- Crawler spam comes from bots that visit your site, while ghost spam sends fake hits directly to GA.
Will blocking referrer spam improve my WordPress site‘s SEO?
- Not directly, but it will give you more accurate data to make SEO decisions. SEO attackers may also use referrer spam.
Does referrer spam affect other analytics tools besides Google Analytics?
- Yes, spammers can target any web analytics platforms like Adobe Analytics, Matomo, etc. Most have similar filtering options.
Can I stop all spam in Google Analytics?
- Probably not 100%, but you can greatly reduce it by using multiple blocking methods together and staying consistent.
How often should I check my Google Analytics for new referrer spam?
- At least once per month is ideal. Consider adding a recurring event to your calendar for analytics maintenance.
Do I need to block referrer spam to my WordPress site if I don‘t use Google Analytics?
- It can still help preserve your server resources and prevent spam in other tracking tools. Plus some referrer spam does contain malware.
Additional Resources
- Google Analytics Spam filter tool
- Definitive guide to eliminating Google Analytics spam
- How to set up Google Analytics in WordPress
){kind=link}