How to Block Referral Spam from Google Analytics

Have you ever checked your Google Analytics and noticed a sharp increase in your web traffic? And what you see is hundreds or thousands of website visits just in few hours/days. Just like that?

At that particular point, you may be excited about the sudden traction your website gained, especially if you are still struggling to attract visitors to your web pages. Unfortunately, this traffic is not real.

If this happens to you, it is the work of a referral spam. Don’t be afraid here; you haven’t been hacked. Referral spam distributes fake visits to almost all the websites available on the web. The good news is, you can block them all from affecting your online metrics from Google Analytics.

So, in the next few phases of this article, I will explain the process of blocking fake traffic from your Analytics tool.

What is referral spam?

Referral spam or referrer spam is a bot that uses fake URLs and domain names to create fake web traffic in your Google Analytics. Sometimes, it uses legitimate URLs to carry out black hat SEO techniques.

The traffic you get through the referral spam populates your web metrics and makes your traffic seem real. In most cases, the intention of the spammer is to redirect the traffic back to their web pages.

Types of referral spam

There are two most common types of search bots that carry out these unwanted activities. They are Crawler Spam and Ghost Spam.

  • Crawler Spam was the first known bots. It crawls web pages for the purpose of indexing them on search engines. But spammers use the same both to create fake traffic on websites using Google Analytics.

How to discover referral spam

Sometimes, it’s easy to spot referral spam. Other times, however, it’s difficult to know the spammy websites simply because they disguised to make you believe that the traffic is genuine. And not quickly identifying spam makes it more frustrating.

But one easy way to identify these spammy websites is by looking at the Bounce Rate and the Average Session. If these two elements show 100% and 0 respectively, it’s highly likely the URLs or domains are fake.

In case you are not sure, then you need to take the risk of clicking on the suspicious links to check them out. Remember never to download anything from the websites you cannot identify.

How to block referral spam

There are two ways you can block referral spam from injecting fake referral websites on your Google Analytics. The first method is to use server solutions such as a .htaccess file, WordPress plugins or web.config. The second method is to use a Google Analytics filter to either block the IP address or the domains.

Whichever process you choose, they are all effective. But it takes time (roughly 24 hours) before the settings reflect in your server or Google Analytics.

Method 1: How to block referral spam using .htaccess

For this example, I will be using cPanel. If your web hosting server isn’t using the cPanel control panel, you should ask your host company to show you how to locate the root directory.

To get started login to the customer page of your website host company and click on cPanel. On the homepage of the control panel, locate File Manager under File and click on it.

The next page will display the root directory. On the directory, click on public_html or the folder of the website you are working on. By default, the .htaccess is hidden probably because it is a very sensitive file.

You should see this on the page.

If it doesn’t appear right away in the root directory, no worries. Click on settings at the upper-right corner, tick Show Hidden Files (dotfiles) and save the changes. Here we go; it should be right there now.

If you still can’t find it, then you have to create the file yourself. To do this open a code editor and save the document as .htaccess. After that, upload the file to the root directory.

Next, highlight the .htaccess file with a single click and click Edit at the upper-centre side. A code editor file will display.

NOTE: you should be very careful tampering with the file. Any slight mistake could shut down the entirety of your website. In case there are codes in the file, copy the codes and save them somewhere as a backup.

Should something go wrong and your website is shut down, copy those codes back into the file and save it. Everything should go back to normal after that. In this juncture, it will be wiser to seek expert’s assistance.

After opening the code editor, copy the below codes into the file and click save.

RewriteCond %{HTTP_REFERER} [NC,OR]
RewriteCond %{HTTP_REFERER} [NC,OR]
RewriteCond %{HTTP_REFERER} [NC,OR]]
RewriteCond %{HTTP_REFERER} [NC]
RewriteRule .* – [F]

Don’t forget to change the domain names on the above code to the ones you want to block before saving. I suggest you leave the code as it is, then add any fake domains you may have to the list. At this stage, you are done.

VERY IMPORTANT: You notice that the last domain in the code ends with [NC] without the ‘OR’ value. It simply means the blocking process terminates there since there is no more domain left to process. So, when adding new list, place it above the domain that ends with [NC].

Debunking the myth about .htaccess

You will hear some experts tell you that blocking Ghost Spam with .htaccess is impossible since these bots don’t visit your website. They only need your Google Analytics tracking code number to inject referral spam.

Well, this claim is completely false. I have personally tested .htaccess and it works perfectly fine. In fact, I don’t use Google Analytics at all for blocking these fake traffic; all I do is what I have explained above.

But, if you are interested in using Google Analytics filter, read any of the 2 guides I listed below to get it done.

Method 2: How to block referral spam in Google Analytics

Already, there are a lot of nicely written articles about blocking referral spam in Google Analytics. So, I won’t go into the process. Rather, I will refer you to the 2 straightforward articles explaining the process.

Below are the posts you can follow in case you want to apply this blocking directly in Google Analytics.

Addressing the most common concerns

If you are one of those facing this problem, you may be concerned about the possible effects of such illegimate activities on your web pages. The two most common questions people ask are:

  • Will my search engine ranking be affected by this? The simple and straight answer is NO. If this concern is based on bounce rate, then there are no worries at all. Google doesn’t use bounce rate as a ranking factor. However, spam data get mixed up with the original data. And if not realised, you are going to be analysing fake data.


Your first step to getting real metrics in Google Analytics is to watch out for referral spam. If referral spam is blocked successfully, the impact of fake traffic will be reduced drastically. Still, these spammers never stop, and you should never stop blocking them.

If you have problems creating the .htaccess file or blocking spam yourself, do contact me for support. Together we shall continue to get rid of the unwanted traffic.