Hosting Tutorial & Guide

How to Block Referrer Spam Effectively

updated on Apr 02, 2016
How to Block Referrer Spam Effectively Referrer spam has become an annoying issue for many websites because they mess up the Google Analytics reports and bring some other potential security issues to your site. When you are hit by referrer spam, you can notice a large number of referral links which are actually spammy links with the fake referrer information sent by bots.

For this tutorial, we will offer some important information about referrer spam, and then introduce several effective and commonly used ways for blocking the spam bots.

What Is Referrer Spam Indeed?

Referrer spam means a large number of fake referral links that flood your site analytics. These links are sent by spam bots which crawl hundreds or more websites per day and then sent HTTP requests to those sites. The HTTP requests contain bogus referrer headers which prevent the bots to be detected as spam.

Most of the spam links appearing in the Google Analytics reports are not actually generated by real visits to your site. Instead, the spam bots pretend to hit your site by sending requests to your Google Analytics script only by making use of your UA code.

At first glance, referrer spam does not bring much harm to your site, but if you are getting much spam in this kind, you have to take the problem seriously because:
  • Referrer spam corrupts the analytics data. As your analytics reports are flooded with fake data, it is hard to make marketing and SEO analysis.
  • Referrer spam increases the server load. As your site is crawled and visited unwantedly, these deeds consume your server resources, which may result in slower site speed. More severe results would be higher bounce rates and lower search engine rankings.
When looking at the data in Google Analytics, those referral links with 10 or more sessions and nearly 100% bounce rate are probably sent by spam bots.

Referrer Spam

In below, there are three optional solutions for blocking referrer spam.

Solution 1: Block the Spam Bots via the .htaccess File

By adding a simple code to the .htaccess file of your site, you are able to disable the well-known referrer spammers' ability to register as a referrer. Just edit the file, and then paste the following code in it.

Block Referrer Spam with .htaccess

The domains in the code are some of the sites that have generated a lot of referrer spam. If you have noticed some other domains showing up in your analytics data frequently, you can also add them to the code. Or you may refer to this referrer spam blacklist published by Piwik.

For the sake of security, be sure to make a backup of your .htaccess file before making any change because a small mistake will possibility break your site.

This method is simple to apply, but there is a small problem. The ghost referrals which do not visit your site cannot be stopped. If you want them to disappear, you will also need to implement the Solution 3.

Solution 2: Block Referrer Spam with a WordPress Plugin

If your site is built with WordPress, an alternative to the modification of .htaccess would be installing a plugin which comes with full functionality in dealing with referrer spam. In this case, a plugin named SpamReferrerBlock should be a good choice.

After the plugin is activated, go to Settings > Spam Referrer Block to make some configurations. For the general options, you can check any one as you want. And at the bottom of the page, you will see a long blacklist of the domains used by spammers. All these domains are monitored and blocked by the plugin so you can feel safe from them. As the list is constantly updated, you can keep it up-to-date by downloading the newest version from the server.

Referrer Spam Blacklist

If you have found some other spam links in your Google Analytics reports, you can also add these domains one by one in its own line in the text area under "Custom Blacklist" which locates between the general options and the blacklist. Once you save the settings, the plugin will block the domains, too. For you custom blacklist, you can also upload it to the plugin's server to help others.

Add a Custom Blacklist

Blocking referrer spam with a plugin has the same limitation as the Solution 1 because this method is weak in fighting against the ghost referrals. Therefore, while using a plugin to block the known spammers, you'd better use filters in Google Analytics also to make sure the best possible results.

Solution 3: Set up a Filter in Google Analytics

Google Analytics is built with features for blocking both the common referrer spammers and other ghost referrals – the filters. But before setting up any filter, you can find the "View" settings in the "Admin" panel in Google Analytics and get the "Bot Filtering" checked. Although the effect of this option might be minor, you can still expect Google to filter the known spammers and bots automatically.

Bot Filtering

After doing so, you can take the steps in below to block other referrer spam.

Stop common spam bots with a filter

To do so, you need to login into your Google Analytics account, navigate to the "Admin" tab and then click on "Filters" under the "View" column.


Clicking on the "Add Filter" button, you will get to a form which can be used to create a filter. Enter a filter name as you like, and select "Custom" > "Exclude" for the filter type. For the filter field, select "Campaign Source" from the drop-down. Now you can enter the domains of referrer spammers' in the text box under "Filter Pattern" with the Regex string. Each domain is separated with a "|".


The creation form now should look like this.

Create a Filter

After checking the settings, save the filter to take it into effect. You can use this filter to stop some annoying spammers effectively.

If you are not familiar with setting up a filter or do not want to deal with the settings manually, you can also take advantage of a tool like Referrer Spam Blocker. As long as being authenticated, this free tool installs filters automatically on your Google Analytics account. Also, it includes a blacklist which is updated regularly. Getting started with this tool is quite easy, requiring no technical knowledge.

Stop other ghost referrals with a filter

Filtering the commonly-seen referrer spam with the method above is effective, but as spammers can easily register more domains to start over again, we suggest you to set up another filter which only includes the traffic with a predefined hostname.

This does not stop all spam bots indeed because the hostname can be impersonated, but fortunately, most spammers are not sophisticated enough to spoof the hostname since they usually do not set a hostname or use a random domain.

Creating such a filter in Google Analytics requires more steps. Firstly, you need to get the hostname reports by logging into the Google Analytics dashboard and going to "Audience" > "Technology" > "Network". Select "Hostname" as the primary dimension, and then choose a time range of at least one month. Under the "Hostname" column, you will see a list of hostnames.


Among these hostnames, there are some valid ones as well as some from spammers. You only need to note down those valid ones.

After getting the hostnames, you now need to create a filter to include them, so that the visits with other hostnames are not included in your site analytics.

Still, you can enter a custom filter name that is easy to identify. Then, select "Custom" > "Include" for the filter type and "Hostname" for the filter field. For the filter pattern, enter the valid hostnames by using the basic Regex. Below is an example.


Then you should get a filter like this.

Set up a Filter for Ghost Referrals

At last, save the filter. You may need to wait for a minimum of 24 hours to see any change in the website data reported in Google Analytics.