How to Block Referral Spam from Google Analytics

Have you ever checked your Google Analytics and noticed a sharp increase in your web traffic? And what you see is hundreds or thousands of website visits just in few hours/days. Just like that?

At that particular point, you may be excited about the sudden traction your website gained, especially if you are still struggling to attract visitors to your web pages. Unfortunately, this traffic is not real.

If this happens to you, it is the work of a referral spam. Don’t be afraid here; you haven’t been hacked. Referral spam distributes fake visits to almost all the websites available on the web. The good news is, you can block them all from affecting your online metrics from Google Analytics.

So, in the next few phases of this article, I will explain the process of blocking fake traffic from your Analytics tool.

What is referral spam?

The traffic you get through the referral spam populates your web metrics and makes your traffic seem real. In most cases, the intention of the spammer is to redirect the traffic back to their web pages.

Types of referral spam

  • Crawler Spam was the first known bots. It crawls web pages for the purpose of indexing them on search engines. But spammers use the same both to create fake traffic on websites using Google Analytics.
  • Ghost Spam, on the other hand, is now commonly used and more aggressive. What this type of bot does is to send fake data to Google Analytics servers without accessing your web pages.

How to discover referral spam

But one easy way to identify these spammy websites is by looking at the Bounce Rate and the Average Session. If these two elements show 100% and 0 respectively, it’s highly likely the URLs or domains are fake.

In case you are not sure, then you need to take the risk of clicking on the suspicious links to check them out. Remember never to download anything from the websites you cannot identify.

How to block referral spam

Whichever process you choose, they are all effective. But it takes time (roughly 24 hours) before the settings reflect in your server or Google Analytics.

Method 1: How to block referral spam using .htaccess

To get started login to the customer page of your website host company and click on cPanel. On the homepage of the control panel, locate File Manager under File and click on it.

The next page will display the root directory. On the directory, click on public_html or the folder of the website you are working on. By default, the .htaccess is hidden probably because it is a very sensitive file.

You should see this on the page.

If it doesn’t appear right away in the root directory, no worries. Click on settings at the upper-right corner, tick Show Hidden Files (dotfiles) and save the changes. Here we go; it should be right there now.

If you still can’t find it, then you have to create the file yourself. To do this open a code editor and save the document as .htaccess. After that, upload the file to the root directory.

Next, highlight the .htaccess file with a single click and click Edit at the upper-centre side. A code editor file will display.

NOTE: you should be very careful tampering with the file. Any slight mistake could shut down the entirety of your website. In case there are codes in the file, copy the codes and save them somewhere as a backup.

Should something go wrong and your website is shut down, copy those codes back into the file and save it. Everything should go back to normal after that. In this juncture, it will be wiser to seek expert’s assistance.

After opening the code editor, copy the below codes into the file and click save.

RewriteCond %{HTTP_REFERER} [NC,OR]
RewriteCond %{HTTP_REFERER} [NC,OR]
RewriteCond %{HTTP_REFERER} [NC,OR]]
RewriteCond %{HTTP_REFERER} [NC]
RewriteRule .* – [F]

Don’t forget to change the domain names on the above code to the ones you want to block before saving. I suggest you leave the code as it is, then add any fake domains you may have to the list. At this stage, you are done.

VERY IMPORTANT: You notice that the last domain in the code ends with [NC] without the ‘OR’ value. It simply means the blocking process terminates there since there is no more domain left to process. So, when adding new list, place it above the domain that ends with [NC].

Debunking the myth about .htaccess

Well, this claim is completely false. I have personally tested .htaccess and it works perfectly fine. In fact, I don’t use Google Analytics at all for blocking these fake traffic; all I do is what I have explained above.

But, if you are interested in using Google Analytics filter, read any of the 2 guides I listed below to get it done.

Method 2: How to block referral spam in Google Analytics

Below are the posts you can follow in case you want to apply this blocking directly in Google Analytics.

Addressing the most common concerns

  • Will my search engine ranking be affected by this? The simple and straight answer is NO. If this concern is based on bounce rate, then there are no worries at all. Google doesn’t use bounce rate as a ranking factor. However, spam data get mixed up with the original data. And if not realised, you are going to be analysing fake data.
  • Does this mean your website has been compromised? Again, the answer is NO. As long as you did not download anything from the spammy sites, you are good. All the same, you need to be cautious with the pages you open.


If you have problems creating the .htaccess file or blocking spam yourself, do contact me for support. Together we shall continue to get rid of the unwanted traffic.

Online Marketing Specialist