How to block referral spam

Referral spam has become extremely annoying in the last 12 months. Purposely ruining your analytics data is plain evil. At the end of a long, hard day of work, all I want to do is sit back and look at my Google Analytics reports. These spammers have ruined that for me and so, its time to get back my well-deserved analytics time.

Why does it exist?
I’m not 100% sure as to why people would spend time coding a bot to spam your website with fake traffic. My only guess is that as you look through your analytics report you see traffic coming from their domain and so you check it out. Allot of these domains 301 to an affiliate link for AliExpress and so they spam your website in the hope that you are so impressed by the AliExpress homepage that you sign up through their affiliate link.

How do I stop it?
There are a two ways to stop the spam, dead in its tracks. The first is to block it so your server never sends any data back to the spam-bot, thus never loading your analytics JavaScript and never registering on your Analytics dashboard. The second and easiest way to block the spam is to block it at Analytics. As far and I can tell, the bots aren’t making so many requests that its putting any additional load onto the server.

Block the bots completely
Blocking the bots can be done with your .htaccess file, for Apache users and with a custom script for Nginx users. The .htaccess file should be located in the root of your website directory, typically:


A sample .htaccess that blocks some well known bots can be found on Github by a user canned Stevie-Ray. This kind user has also included a sample configuration file that will block spam bots with Nginx, along with an easy to follow guide on how to install the script.

Block the bots with Google Analytics
Google has kindly provided us with a check box that ‘Exclude all hits from known bots and spiders’. This check box can be found visiting the
admin section of your Google Analytics dashboard. Select the property that you want to manage and then on the very right click ‘View Settings’. In view settings you will a check box that reads ‘Exclude all hits from known bots and spiders’, under ‘Bot Filtering’. Check that.

For further referral spam bot annihilation, navigate back to the admin section of your Analytics dashboard and expand ‘Tracking Info’, under the property that you have selected. Click ‘Referal Exclusion List’ and you will be presented with a #d14836 button that will allow you to put in a domain.

How to tell if the referral is spam
In the reporting section of your website, you can navigate to your referral traffic by visiting ‘Acquision>All Traffic>Referrals’. Here you will be presented with a list of websites that have sent your traffic. The bounce rate of a referral is usually a good indication that the traffic is spam. A high bounce rate, from 80% to 100% is usually a good indication. Make sure you do not exclude traffic from well-known sources, such as Reddit or Facebook. If you’re unsure, visit the URL and see if it is a website that looks like it would be sending you traffic.