Preventing Analytics referral spam and fake visits

03 June, 2015 by Tom Elliott

Referral spam and fake visits in Google Anlaytics have increased dramatically recently; a worrying rise that I see across the majority of the websites I have Analytics access to. The below graph helps illustrate this, showing the rise in spam to a low traffic site followed by a fall in total visits after the spam is filtered out and only natural visits remain.

Graph to show rise in spam visits and effect after filters added

Graph to show rise in spam visits and effect after filters added

The majority of this type of referral and search spam are fake visits, created by spammy sites by mass manipulation of the Google Analytics tracking code.

Unfortunately, Google doesn’t appear to be addressing this issue (at least not that I’ve seen) and it is likely these fake visits will get worse before they get better.

If you’re seeing any of the below types spam in your Analytics, you should take a few minutes to implement the steps in this post which will help you fix all (or at least most) of your Analytics spam problems.

Google Anlaytics types of spam

Referrer spam and fake search spam such as and

The issue with this type of spam is most common with Google’s ‘Universal Analytics’ – the latest tracking code format. When a new site is setup, Universal Analytics generates a unique code in the format ‘UA-XXXXXXXX-1’.

These unscrupulous websites generate 8 digit numbers that match the tracking code format and use it on their site. They do this on a massive scale and when this code matches the code on your site, you see their spam. They are all fake visits and no one has actually been to your website.

Why do these websites do this? Probably to drive visitors from Analytics for profit through advertising or other services on their dodgy website.

For larger sites with plenty of traffic, a few hundred fake visits won’t have much impact, but for smaller businesses or websites where traffic is low, this can be really frustrating. I’ve seen sites where fake hits account for over 1,000 visits per month and up to 80-90% of overall visits.

These fake visits give a false impression of the visitor numbers to a site, can hugely inflate bounce rates and reduce the values for time spent on site. People may not see these visits as spam and could potentially make bad marketing decisions based on this inaccurate data.

So what can be done to reduce these fake visits and referrer spam? I’ve had most success by following the below 3 steps.

Step 1 – Add a hostname filter

All fake visits and fake referral spam can be stopped in their tracks by adding a simple hostname filter that matches your domain name. This ensures all traffic recorded in Analytics is traffic to your domain only.

hostname filter

Adding a hostname filter in Google Analytics

Once logged into Analytics admin, select the relevant account and website property and navigate to the ‘filters’ option. Select ‘New filter’ and input the details as above, with your domain name as the Hostname.

The ‘predefined’ filter type can be used here and make sure to include only traffic to the hostname that contains your domain name. You don’t need to enter ‘www’ or ‘http’ which can be useful if you have sub domain variations or ‘https’ enabled.

Make sure to include ‘All Web Site Data’ in the ‘Selected views’ on the right and save the settings.

Step 2 – Block known bots.

Not all spam is faked however. Some websites send actual visits via the use of bots or other crawlers which may still show up in your Analytics as referrals. While these referral visits do hit your site, they are still automated and spammy with no real visitor behind them.

Google Analytics has an option (disabled by default) to block hits from ‘known bots and spiders’. This can be reached by ‘View Settings’ as shown below.

Anlaytics bot filtering

Selecting bot filtering in Google Analytics

I haven’t noticed any real impact using bot filtering yet, but it’s an easy option to enable and still worthwhile. I antipicate Google making better use of this feature in the future when it sees the havoc that these spam networks are creating.

Step 3 – Block persistent spam bots

If steps 1 and 2 don’t eliminate all referral spam, the below should. This step works for spammy sites such as, and which register as hits in Analytics but are in fact automated bots or spiders and not real visits.

This time, you need to select a custom filter from the new filters screen, select exclude and enter the domain to exclude in the ‘Filter Pattern’ field. You can either put the single spammy domain name here (excluding www and http) or add multiple domain names at once using the ‘OR’ operator (|) as shown below. This can be a huge time saver and avoids the need to setup a new filter for each domain.

Exclude multiple referral filter

This filter method should also be quicker and easier to add than various .htaccess or server side solutions that can also be used to fix these spam referrals.

I’ve applying these steps to many websites already, stopping spam in its tracks and hopefully will help others too 🙂


Google Analytics filter to show visits to your website domain »


  • Tobias Renberg says:

    Thanks for sharing this and I really hope this will solve the problems. I recently started a couple of new sites and I was really close to signing up on clicky instead, but I hope this will get rid of the spam for a while. Do you think it’s more secure if we add the analytics in a PHP file instead? So they can’t find the analytics numbers.

    • Tom Elliott says:

      Hi Tobias, thanks for your comment. In most cases of fake spam, the spammers don’t get the Analytics numbers from the site; they cycle through numbers randomly so I don’t think it would help obscuring them via PHP.

  • Jon Newby says:

    Giving this a go. Cheers man!

  • Ionizethemes says:

    Very useful, Thank You.

    I have just done the STEP 1

  • Harry says:

    My filters include only verified referral sources that are affecting multiple client sites and did not actually have valid referrals to those sites.
    There are lots of junk visits on the web; you will not get rid of them all. There are many from suspicious sites, but if you investigate by visiting those sites, then you play right into the wishes of the spammers — don’t do it.
    If you want to check out a source to see if it is legit, then try a simple google search for ‘ / referral’ and one of several spam monitoring sites like, will have articles about them. Stop there. It is not valid traffic, ignore it and get back to managing your website.

  • Always thought the only solution was to make huge lists of ip’s in htaccess, thank you, I shall give these suggestions a go

  • Marc says:

    Been having a problem with spam bots recently, and Google’s bot filtering didn’t help. I’ll give your suggestion a go – thanks!

  • Ross Stevens says:

    Great article. It would be good to get an updated version of this, as now the advice is only part of the solution!

    These spam bots are getting clever now and pretending to have the correct hostname etc.

    The only way I’ve dealt with it 100% is by following this article, and then creating a custom report that filters out any referral traffic using a list of words typically found in spam.

    The final step I took was to exclude all traffic outside of the UK, since I work mostly with SMEs in the UK, but this isn’t always appropriate, and YMMV.