Quick guide to Google Analytics referrer spam

Have you noticed strange referrals in your Google Analytics (GA) reports, from domains that you’re pretty sure have never linked to yours?

They skew your traffic data pretty significantly, and can account for hundreds of visits a week. The good news is that the majority can be stopped — and pretty simply, too.

What is referrer spam?

Referrer spam is a type of web spam designed to trick webmasters into visiting websites. Some use domain names that can be confused with genuine websites, like “hulfingtonpost.com” — the idea being that excited webmasters will see this referral in their GA reports and visit the domain, hoping to see a glowing article about their brand on a major news site.

The spammer makes money through advertising, convincing you to sign up for services, or (worst case scenario) installing malware of some sort, effectively turning your computer into part of its botnet.

The less real traffic your site gets, the more these fake referrals will affect your data and your SEO. If you run a small business and get around 50 visits a day, 34 visits from a spam bot will make it virtually impossible to tell how well you’re really doing. Referrer spam tends only to register a visit on the homepage, causing your bounce rate to go through the roof. What use is analytics data when it’s all wrong?

Of course, you can block these domains in your GA settings, but new ones pop up every day — and if you’re only able to block them after they’ve visited your site, then your data is still going to be useless unless you remove them from historical reports (you can do this using segments).

Types of referrer spam

There are two types of referrer spam: bots that actually visit your website, and “ghost” referrals that don’t. Each needs to be managed differently.

Crawlers or bots

Some bots — such as Googlebot — are harmless. They quietly visit your site, obey your robots.txt directive, and then leave again without executing JavaScript. Your GA tracking code uses JavaScript to run, and as these bots don’t trigger it, your traffic data is not affected.

Then, you have the bad bots — which stomp in, activate JavaScript, and show up as referral traffic in your GA reports.

Most crawlers and bots can be blocked in your .htaccess file, or using a WordPress plugin such as Spam Referrer Block. This plugin updates on a weekly basis, automatically blocking known referrer bots from your site — meaning you don’t have to worry about manually updating files. You can read more on editing your .htaccess file here, but if your site runs on WordPress, you might find the plugin more convenient.

Ghost referrer spam

Ghost referrers — such as darodar.com, ilovevitaly.com, simple-share-buttons.com and buttons-for-website.com — never actually visit your website, so blocking them in your .htaccess file or using a plugin will not stop them from appearing in your analytics data.

These ghost referrals use your GA tracking code. As these codes always are always the same length and format, it can’t be too difficult for a computer to generate some matches. Then, somehow, these sites generate fake page views to Google’s tracking service, tricking Google into thinking they have visited your site.

You can remove them individually from your analytics data using filters, but as more are popping up every day, this would be an on-going job. Filtering by host name is the most effective way of managing this from within your GA account — but it has to be done carefully so you don’t exclude genuine traffic.

In your hostname filter, you want to include your domain, subdomains, any e-commerce or payment sites your website uses — and exclude everything else. It’s important to always keep an unfiltered view so you can compare occasionally and make sure no well-behaving traffic has been excluded by mistake.

Alternatively, you can change your GA tracking code. Ghost referrer spam tends only to affect sites whose tracking code ends in -1. If you create a new GA property with the suffix -2, -3, or -4, the ghost referrals should stop. Of course, the spammers may catch on at a later point, but for the time being, this is arguably the most effective method of stopping it all together. The bad news is that you will no longer be able to compare historical traffic data — but if your site is relatively new, or you don’t see much traffic anyway, this is by far the easiest option.

Whether you are suffering from one type of referrer spam or both, it’s never a good idea to visit the referring site. If you see an unfamiliar referral in your GA report, Google the site first to get an idea of its reputation and to see whether it’s likely to be genuine.